QwikSec

Security Database

CVE

CWE

Training

CVE-2024-39249

Published: Jul 1, 2024

Modified: Aug 26, 2024

PUBLISHED

Description

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/caolan/async/blob/v3.2.5/lib/autoInject.js#L6

https://github.com/caolan/async/blob/v3.2.5/lib/autoInject.js#L41

https://github.com/zunak/CVE-2024-39249

https://github.com/zunak/CVE-2024-39249/issues/1

https://github.com/caolan/async/issues/1975#issuecomment-2204528153

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.