Description

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.

INFO

Published Date :

2024-11-19T05:00:02.929Z

Last Modified :

2024-11-19T15:18:10.708Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2024-21539 vulnerability.

Vendors Products
Eslint
  • Rewrite
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-21539.

URL Resource
https://github.com/eslint/rewrite/commit/071be842f0bd58de4863cdf2ab86d60f49912abf cve-icon cve-icon
https://security.snyk.io/vuln/SNYK-JS-ESLINTPLUGINKIT-8340627 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact