Home > Vulnerability Database > CVE-2024-21539

Mend.io Vulnerability Database

CVE-2024-21539

Good to know:

Date: November 19, 2024

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-21539

Url: https://github.com/eslint/rewrite

Url: https://github.com/eslint/rewrite/security/advisories/GHSA-7q7g-4xm8-89cq

Url: https://github.com/eslint/rewrite/commit/071be842f0bd58de4863cdf2ab86d60f49912abf

Url: https://www.mend.io/vulnerability-database/CVE-2024-21539

Severity Score

7.5

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version @eslint/plugin-kit - 0.2.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-21539

Good to know:

Date: November 19, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?