CVE-2024-27088

Published: 26 February 2024

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.

Priority

Status

Package	Release	Status
node-es5-ext Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	jammy	Needs triage
	mantic	Ignored (end of life, was needs-triage)
	noble	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

References

https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h
https://github.com/medikoo/es5-ext/issues/201
https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 (v1.10.63)
https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 (v1.10.63)
https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2
https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602
https://www.cve.org/CVERecord?id=CVE-2024-27088
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.