UBUNTU-CVE-2024-27088
- Source
- https://ubuntu.com/security/CVE-2024-27088
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-27088.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-27088
- Upstream
- Published
- 2024-02-26T17:15:00Z
- Modified
- 2025-07-14T06:35:46.453257Z
- Severity
-
- 0.0 (None) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N CVSS Calculator
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- - medium
- Summary
- [none]
- Details
-
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into
function#copyorfunction#toStringTokensmay cause the script to stall. The vulnerability is patched in v0.10.63. - References
-
- https://ubuntu.com/security/CVE-2024-27088
- https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h
- https://github.com/medikoo/es5-ext/issues/201
- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2
- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602
- https://www.cve.org/CVERecord?id=CVE-2024-27088
Affected packages
Ubuntu:Pro:18.04:LTS / node-es5-ext
Package
- Name
- node-es5-ext
- Purl
- pkg:deb/ubuntu/node-es5-ext@0.10.30-1?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / node-es5-ext
Package
- Name
- node-es5-ext
- Purl
- pkg:deb/ubuntu/node-es5-ext@0.10.30-1?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / node-es5-ext
Package
- Name
- node-es5-ext
- Purl
- pkg:deb/ubuntu/node-es5-ext@0.10.53+~1.1.0-2?arch=source&distro=jammy
Ubuntu:24.04:LTS / node-es5-ext
Package
- Name
- node-es5-ext
- Purl
- pkg:deb/ubuntu/node-es5-ext@0.10.62+dfsg1+~1.1.0-2?arch=source&distro=noble