CVE-2024-27088 NONE

CVE-2024-27088: es5-ext Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

Vendor Medikoo
Product es5-ext
Weakness CWE-400
Published February 26, 2024
Last update August 9, 2024

CVSS base score

0.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N

What the vulnerability does

01Description

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.

Key dates

02Disclosure timeline

February 26, 2024 CVE published
August 9, 2024 Record updated