CVE-2024-21524

Source
https://cve.org/CVERecord?id=CVE-2024-21524
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21524.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-21524
Aliases
Published
2024-07-10T05:00:05.257Z
Modified
2026-07-15T01:49:02.812100458Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P CVSS Calculator
Summary
[none]
Details

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.

Database specific
{
    "cna_assigner": "snyk",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/21xxx/CVE-2024-21524.json",
    "cwe_ids": [
        "CWE-125"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "*"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/magiclen/node-stringbuilder

Affected ranges

Type
GIT
Repo
https://github.com/magiclen/node-stringbuilder
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:magiclen:stringbuilder:*:*:*:*:*:node.js:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.7"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.3.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21524.json"