Home > Vulnerability Database > CVE-2024-43380

Mend.io Vulnerability Database

CVE-2024-43380

Good to know:

Date: August 19, 2024

fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.

Language: Ruby

Severity Score

5.3

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2024-43380

Url: https://github.com/floraison/fugit/issues/104

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43380

Url: https://github.com/floraison/fugit

Url: https://github.com/floraison/fugit/commit/ad2c1c9c737213d585fff0b51c927d178b2c05a5

Url: https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fugit/CVE-2024-43380.yml

Url: https://www.mend.io/vulnerability-database/CVE-2024-43380

Severity Score

5.3

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version fugit - 1.11.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43380

Good to know:

Date: August 19, 2024

Language: Ruby

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?