Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
History

Wed, 04 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:advanced_cluster_security:4.6::el8

Fri, 01 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat trusted Profile Analyzer
CPEs cpe:/a:redhat:trusted_profile_analyzer:1.1::el9
Vendors & Products Redhat trusted Profile Analyzer

Tue, 01 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat advanced Cluster Security
CPEs cpe:/a:redhat:advanced_cluster_security:4.5::el8
Vendors & Products Redhat
Redhat advanced Cluster Security

Mon, 26 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-01T00:00:00

Updated: 2024-08-26T14:46:02.177Z

Reserved: 2024-06-21T00:00:00

Link: CVE-2024-39249

cve-icon Vulnrichment

Updated: 2024-08-02T04:19:20.645Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-01T20:15:02.877

Modified: 2024-11-21T09:27:22.130

Link: CVE-2024-39249

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-01T00:00:00Z

Links: CVE-2024-39249 - Bugzilla