CVE-2024-27088
Published: 26 February 2024
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.
Priority
Status
Package | Release | Status |
---|---|---|
node-es5-ext Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
mantic |
Ignored
(end of life, was needs-triage)
|
|
noble |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
References
- https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h
- https://github.com/medikoo/es5-ext/issues/201
- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 (v1.10.63)
- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 (v1.10.63)
- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2
- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602
- https://www.cve.org/CVERecord?id=CVE-2024-27088
- NVD
- Launchpad
- Debian