CVE-2024-21526 – speaker

Package

Manager: npm
Name: speaker
Vulnerable Version: >=0 <=0.5.5

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00059 pctl0.18421

Details

speaker vulnerable to Denial of Service All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.

Metadata

Created: 2024-07-10T06:33:52Z
Modified: 2024-07-11T17:25:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-w5fc-gj3h-26rx/GHSA-w5fc-gj3h-26rx.json
CWE IDs: ["CWE-241", "CWE-400"]
Alternative ID: GHSA-w5fc-gj3h-26rx
Finding: F002
Auto approve: 1