CVE-2024-38375

Published: Jun 26, 2024

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package.

Vendor	Product	Versions
fastly	js-compute-runtime	affected `>= 3.0.0, < 3.16.0`

Weaknesses (CWE)

CWE-416

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

References

https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv

x_refsource_CONFIRM

https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-38375

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References