CVE-2024-38375

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3
https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv
https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3
https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv

Configurations

No configuration.

History

21 Nov 2024, 09:25

Type	Values Removed	Values Added
References	~~() https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3 -~~	() https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3 -
References	~~() https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv -~~	() https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv -

27 Jun 2024, 12:47

Type	Values Removed	Values Added
Summary		(es) @fastly/js-compute es un SDK de JavaScript y un tiempo de ejecución para crear aplicaciones Fastly Compute. Se determinó que la implementación de varias funciones incluía un error de use after free. Este error podría permitir la pérdida de datos no intencionada si el resultado de las funciones anteriores se enviara a cualquier otro lugar y, a menudo, resulta en una trampa de invitados que hace que los servicios devuelvan un 500. Este error se solucionó en la versión 3.16.0 de `@fastly/ Paquete js-compute`.F2937

26 Jun 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-26 19:15

Updated : 2024-11-21 09:25

NVD link : CVE-2024-38375

Mitre link : CVE-2024-38375

CVE.ORG link : CVE-2024-38375

JSON object : View

Products Affected

No product.

CWE

CWE-416

Use After Free

5.3 /10