GHSA-w5fc-gj3h-26rx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w5fc-gj3h-26rx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-w5fc-gj3h-26rx/GHSA-w5fc-gj3h-26rx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w5fc-gj3h-26rx
- Aliases
-
- CVE-2024-21526
- Published
- 2024-07-10T06:33:52Z
- Modified
- 2024-07-11T17:25:31Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- speaker vulnerable to Denial of Service
- Details
-
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
- Database specific
{ "github_reviewed_at": "2024-07-10T21:38:31Z", "cwe_ids": [ "CWE-241", "CWE-400" ], "nvd_published_at": "2024-07-10T05:15:11Z", "severity": "HIGH", "github_reviewed": true }- References
Affected packages
npm / speaker
Package
- Name
- speaker
- View open source insights on deps.dev
- Purl
- pkg:npm/speaker