CVE-2024-58102

An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://datalust.co/seq	Product
https://github.com/datalust/seq-tickets/issues/2086	Issue Tracking
https://github.com/datalust/seq-tickets/issues/2367	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*

History

10 Oct 2025, 20:29

Type	Values Removed	Values Added
References	~~() https://datalust.co/seq -~~	() https://datalust.co/seq - Product
References	~~() https://github.com/datalust/seq-tickets/issues/2086 -~~	() https://github.com/datalust/seq-tickets/issues/2086 - Issue Tracking
References	~~() https://github.com/datalust/seq-tickets/issues/2367 -~~	() https://github.com/datalust/seq-tickets/issues/2367 - Issue Tracking, Vendor Advisory
Summary		(es) Se descubrió un problema en Datalust Seq antes de 2024.3.13545. Un límite de profundidad de análisis predeterminado inseguro permite el consumo de la pila al analizar consultas proporcionadas por el usuario que contienen expresiones profundamente anidadas.
CPE		cpe:2.3:a:datalust:seq::::::::
First Time		Datalust seq Datalust

11 Mar 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-11 08:15

Updated : 2025-10-10 20:29

NVD link : CVE-2024-58102

Mitre link : CVE-2024-58102

CVE.ORG link : CVE-2024-58102

JSON object : View

Products Affected

datalust

seq

CWE

CWE-674

Uncontrolled Recursion

{"id": "CVE-2024-58102", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-11T08:15:10.917", "references": [{"url": "https://datalust.co/seq", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/datalust/seq-tickets/issues/2086", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/datalust/seq-tickets/issues/2367", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Datalust Seq antes de 2024.3.13545. Un l\u00edmite de profundidad de an\u00e1lisis predeterminado inseguro permite el consumo de la pila al analizar consultas proporcionadas por el usuario que contienen expresiones profundamente anidadas."}], "lastModified": "2025-10-10T20:29:09.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBFB8DE4-1528-498F-A553-99520A5788F8", "versionEndExcluding": "2024.3.13545"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}