Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
Metrics
Affected Vendors & Products
References
History
Wed, 04 Dec 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:advanced_cluster_security:4.6::el8 |
Fri, 01 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat trusted Profile Analyzer
|
|
CPEs | cpe:/a:redhat:trusted_profile_analyzer:1.1::el9 | |
Vendors & Products |
Redhat trusted Profile Analyzer
|
Tue, 01 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat advanced Cluster Security |
|
CPEs | cpe:/a:redhat:advanced_cluster_security:4.5::el8 | |
Vendors & Products |
Redhat
Redhat advanced Cluster Security |
Mon, 26 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-01T00:00:00
Updated: 2024-08-26T14:46:02.177Z
Reserved: 2024-06-21T00:00:00
Link: CVE-2024-39249
Vulnrichment
Updated: 2024-08-02T04:19:20.645Z
NVD
Status : Awaiting Analysis
Published: 2024-07-01T20:15:02.877
Modified: 2024-11-21T09:27:22.130
Link: CVE-2024-39249
Redhat