CVE-2024-21539
PUBLISHED
CVSS 7.5 HIGH
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.
EPSS 0.21% · 43.8th percentile
Risk Scores
- CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P)
- EPSS Score: 0.21% (43.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | @eslint/plugin-kit | 0 |
| eslint | plugin-kit | 0 |
| eslint | rewrite | 0 |
Timeline
- Nov 15, 2024 CVE Published
- Nov 19, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Nov 19, 2024 Coalition ESS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 4, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
References
- https://security.snyk.io/vuln/SNYK-JS-ESLINTPLUGINKIT-8340627
- https://github.com/eslint/rewrite/commit/071be842f0bd58de4863cdf2ab86d60f49912abf
- https://github.com/eslint/rewrite/security/advisories/GHSA-7q7g-4xm8-89cq
- https://nvd.nist.gov/vuln/detail/CVE-2024-21539 (advisory)
- https://github.com/eslint/rewrite (package)