CWE-248
AllowedUncaught Exception
Abstraction: Base · Status: Draft
An exception is thrown from a function, but it is not caught.
420 vulnerabilities reference this CWE, most recent first.
GHSA-F67Q-WR6W-23JQ
Vulnerability from github – Published: 2024-08-14 20:49 – Updated: 2025-12-20 05:28A wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts.
Details
Boa's implementation of AsyncGenerator makes the assumption that the state of an AsyncGenerator object cannot change while resolving a promise created by methods of AsyncGenerator such as %AsyncGeneratorPrototype%.next, %AsyncGeneratorPrototype%.return, or %AsyncGeneratorPrototype%.throw.
However, a carefully constructed code could trigger a state transition from a getter method for the promise's then property, which causes the engine to fail an assertion of this assumption, causing an uncaught exception. This could be used to create a Denial Of Service attack in applications that run arbitrary ECMAScript code provided by an external user.
Patches
Version 0.19.0 is patched to correctly handle this case.
Workarounds
Users unable to upgrade to the patched version would want to use std::panic::catch_unwind to ensure any exceptions caused by the engine don't impact the availability of the main application.
References
- https://github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7
- https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "boa_engine"
},
"ranges": [
{
"events": [
{
"introduced": "0.16"
},
{
"fixed": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-43367"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-14T20:49:51Z",
"nvd_published_at": "2024-08-15T21:15:17Z",
"severity": "HIGH"
},
"details": "A wrong assumption made when handling ECMAScript\u0027s `AsyncGenerator` operations can cause an uncaught exception on certain scripts.\n\n## Details\n\nBoa\u0027s implementation of `AsyncGenerator` makes the assumption that the state of an `AsyncGenerator` object cannot change while resolving a promise created by methods of `AsyncGenerator` such as `%AsyncGeneratorPrototype%.next`, `%AsyncGeneratorPrototype%.return`, or `%AsyncGeneratorPrototype%.throw`.\nHowever, a carefully constructed code could trigger a state transition from a getter method for the promise\u0027s `then` property, which causes the engine to fail an assertion of this assumption, causing an uncaught exception. This could be used to create a Denial Of Service attack in applications that run arbitrary ECMAScript code provided by an external user.\n\n## Patches\n\nVersion 0.19.0 is patched to correctly handle this case.\n\n## Workarounds\n\nUsers unable to upgrade to the patched version would want to use [`std::panic::catch_unwind`](https://doc.rust-lang.org/std/panic/fn.catch_unwind.html) to ensure any exceptions caused by the engine don\u0027t impact the availability of the main application.\n\n## References\n\n- https://github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7\n- https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r",
"id": "GHSA-f67q-wr6w-23jq",
"modified": "2025-12-20T05:28:05Z",
"published": "2024-08-14T20:49:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq"
},
{
"type": "WEB",
"url": "https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43367"
},
{
"type": "WEB",
"url": "https://github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7"
},
{
"type": "PACKAGE",
"url": "https://github.com/boa-dev/boa"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0444.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects"
}
GHSA-F9VX-6CFW-VGPG
Vulnerability from github – Published: 2023-04-19 21:30 – Updated: 2024-04-04 03:35In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753
{
"affected": [],
"aliases": [
"CVE-2023-21087"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-19T20:15:11Z",
"severity": "MODERATE"
},
"details": "In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753",
"id": "GHSA-f9vx-6cfw-vgpg",
"modified": "2024-04-04T03:35:57Z",
"published": "2023-04-19T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21087"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F9XV-Q969-PQX4
Vulnerability from github – Published: 2023-04-24 15:30 – Updated: 2023-05-03 18:36Uncaught Exception in GitHub repository eemeli/yaml starting at version 2.0.0-5 and prior to 2.2.2.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "yaml"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0-5"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-2251"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-24T18:05:30Z",
"nvd_published_at": "2023-04-24T15:15:08Z",
"severity": "HIGH"
},
"details": "Uncaught Exception in GitHub repository eemeli/yaml starting at version 2.0.0-5 and prior to 2.2.2.",
"id": "GHSA-f9xv-q969-pqx4",
"modified": "2023-05-03T18:36:52Z",
"published": "2023-04-24T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2251"
},
{
"type": "WEB",
"url": "https://github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba"
},
{
"type": "PACKAGE",
"url": "https://github.com/eemeli/yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncaught Exception in yaml"
}
GHSA-FFCV-V6PW-QHRP
Vulnerability from github – Published: 2024-10-08 22:18 – Updated: 2024-10-31 19:31Problem
Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account.
Solution
Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.
Credits
Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue.
References
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"13.0.0"
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 12.4.20"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.21"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.5.39"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.45"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.46"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-34537"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-08T22:18:27Z",
"nvd_published_at": "2024-10-28T14:15:04Z",
"severity": "LOW"
},
"details": "### Problem\nDue to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account.\n\n### Solution\nUpdate to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.\n\n### Credits\nThanks to Hendrik Eichner who reported this issue and to TYPO3 core \u0026 security team members Oliver Hader and Benjamin Franzke who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2024-011](https://typo3.org/security/advisory/typo3-core-sa-2024-001)\n",
"id": "GHSA-ffcv-v6pw-qhrp",
"modified": "2024-10-31T19:31:10Z",
"published": "2024-10-08T22:18:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34537"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/backend"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-011"
},
{
"type": "WEB",
"url": "https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Denial of Service in TYPO3 Bookmark Toolbar"
}
GHSA-FFPF-5H29-W36W
Vulnerability from github – Published: 2024-03-21 06:33 – Updated: 2025-11-04 18:30A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
{
"affected": [],
"aliases": [
"CVE-2024-28835"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-21T06:15:45Z",
"severity": "MODERATE"
},
"details": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
"id": "GHSA-ffpf-5h29-w36w",
"modified": "2025-11-04T18:30:46Z",
"published": "2024-03-21T06:33:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28835"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2570"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2889"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-28835"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241122-0009"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/22/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/22/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FG9R-RH56-7JCV
Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.
{
"affected": [],
"aliases": [
"CVE-2025-20172"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-05T17:15:24Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.\n\nThis vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload.\u0026nbsp;\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.",
"id": "GHSA-fg9r-rh56-7jcv",
"modified": "2025-02-05T18:34:45Z",
"published": "2025-02-05T18:34:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20172"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FJGF-RC76-4X9P
Vulnerability from github – Published: 2025-07-17 21:01 – Updated: 2025-07-17 21:01Impact
A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.
Patches
Users should upgrade to 2.0.2
Workarounds
None
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "multer"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.4-lts.1"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-7338"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-17T21:01:54Z",
"nvd_published_at": "2025-07-17T16:15:35Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA vulnerability in Multer versions \u003e= 1.4.4-lts.1, \u003c 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.\n\n### Patches\n\nUsers should upgrade to `2.0.2`\n\n### Workarounds\n\nNone",
"id": "GHSA-fjgf-rc76-4x9p",
"modified": "2025-07-17T21:01:54Z",
"published": "2025-07-17T21:01:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7338"
},
{
"type": "WEB",
"url": "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b"
},
{
"type": "WEB",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/expressjs/multer"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Multer vulnerable to Denial of Service via unhandled exception from malformed request"
}
GHSA-FVPC-GQMR-784W
Vulnerability from github – Published: 2025-04-15 15:30 – Updated: 2025-04-15 15:30The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.
{
"affected": [],
"aliases": [
"CVE-2025-32944"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T13:15:55Z",
"severity": "MODERATE"
},
"details": "The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.\u00a0\u00a0If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.",
"id": "GHSA-fvpc-gqmr-784w",
"modified": "2025-04-15T15:30:53Z",
"published": "2025-04-15T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32944"
},
{
"type": "WEB",
"url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/peertube-archive-persistent-dos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FW4P-36J9-RRJ3
Vulnerability from github – Published: 2020-09-03 20:25 – Updated: 2020-08-31 18:48Versions of sequelize prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a TypeError exception for the results variable. The results value may be undefined and trigger the error on a .map call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process.
The following proof-of-concept crashes the Node process:
const Sequelize = require('sequelize');
const sequelize = new Sequelize({
dialect: 'sqlite',
storage: 'database.sqlite'
});
const TypeError = sequelize.define('TypeError', {
name: Sequelize.STRING,
});
TypeError.sync({force: true}).then(() => {
return TypeError.create({name: "SELECT tbl_name FROM sqlite_master"});
});
Recommendation
Upgrade to version 4.44.4 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sequelize"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.44.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:48:48Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Versions of `sequelize` prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a `TypeError` exception for the `results` variable. The `results` value may be undefined and trigger the error on a `.map` call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process. \n\nThe following proof-of-concept crashes the Node process: \n```\nconst Sequelize = require(\u0027sequelize\u0027);\n\nconst sequelize = new Sequelize({\n\tdialect: \u0027sqlite\u0027,\n\tstorage: \u0027database.sqlite\u0027\n});\n\nconst TypeError = sequelize.define(\u0027TypeError\u0027, {\n\tname: Sequelize.STRING,\n});\n\nTypeError.sync({force: true}).then(() =\u003e {\n\treturn TypeError.create({name: \"SELECT tbl_name FROM sqlite_master\"});\n});\n```\n\n\n## Recommendation\n\nUpgrade to version 4.44.4 or later.",
"id": "GHSA-fw4p-36j9-rrj3",
"modified": "2020-08-31T18:48:48Z",
"published": "2020-09-03T20:25:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sequelize/sequelize/pull/11877"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1142"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Denial of Service in sequelize"
}
GHSA-FX36-2W4H-PGPF
Vulnerability from github – Published: 2024-11-05 12:31 – Updated: 2024-11-05 12:31Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2024-51518"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T10:21:10Z",
"severity": "MODERATE"
},
"details": "Vulnerability of message types not being verified in the advanced messaging modul\nImpact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-fx36-2w4h-pgpf",
"modified": "2024-11-05T12:31:03Z",
"published": "2024-11-05T12:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51518"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2024/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.