fkie_cve-2024-38375
Vulnerability from fkie_nvd
Published: 2024-06-26 19:15
Modified: 2024-11-21 09:25
Summary
@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package.
{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package."
    },
    {
      "lang": "es",
      "value": "@fastly/js-compute es un SDK de JavaScript y un tiempo de ejecuci\u00f3n para crear aplicaciones Fastly Compute. Se determin\u00f3 que la implementaci\u00f3n de varias funciones inclu\u00eda un error de use after free. Este error podr\u00eda permitir la p\u00e9rdida de datos no intencionada si el resultado de las funciones anteriores se enviara a cualquier otro lugar y, a menudo, resulta en una trampa de invitados que hace que los servicios devuelvan un 500. Este error se solucion\u00f3 en la versi\u00f3n 3.16.0 de `@fastly/ Paquete js-compute`.F2937"
    }
  ],
  "id": "CVE-2024-38375",
  "lastModified": "2024-11-21T09:25:32.063",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 4.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-26T19:15:13.677",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

