{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55578?format=json","vulnerability_id":"VCID-s94g-6gy5-pued","summary":"es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.","aliases":[{"alias":"CVE-2024-27088"},{"alias":"GHSA-4gmj-3p3h-gm8h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96345?format=json","purl":"pkg:deb/debian/node-es5-ext@0.10.64%2Bdfsg1%2B~1.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-es5-ext@0.10.64%252Bdfsg1%252B~1.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96344?format=json","purl":"pkg:deb/debian/node-es5-ext@0.10.64%2Bdfsg1%2B~1.1.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-es5-ext@0.10.64%252Bdfsg1%252B~1.1.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/29330?format=json","purl":"pkg:npm/es5-ext@0.10.63","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/es5-ext@0.10.63"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96342?format=json","purl":"pkg:deb/debian/node-es5-ext@0.10.53%2B~1.1.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-s94g-6gy5-pued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-es5-ext@0.10.53%252B~1.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96343?format=json","purl":"pkg:deb/debian/node-es5-ext@0.10.62%2Bdfsg1%2B~1.1.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-s94g-6gy5-pued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-es5-ext@0.10.62%252Bdfsg1%252B~1.1.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/29329?format=json","purl":"pkg:npm/es5-ext@0.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-s94g-6gy5-pued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/es5-ext@0.10.0"}],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064933","reference_id":"1064933","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064933"},{"reference_url":"https://github.com/medikoo/es5-ext/issues/201","reference_id":"201","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:21:09Z/"}],"url":"https://github.com/medikoo/es5-ext/issues/201"},{"reference_url":"https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2","reference_id":"3551cdd7b2db08b1632841f819d008757d28e8e2","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:21:09Z/"}],"url":"https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2"},{"reference_url":"https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602","reference_id":"a52e95736690ad1d465ebcd9791d54570e294602","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:21:09Z/"}],"url":"https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27088","reference_id":"CVE-2024-27088","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27088"},{"reference_url":"https://github.com/advisories/GHSA-4gmj-3p3h-gm8h","reference_id":"GHSA-4gmj-3p3h-gm8h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4gmj-3p3h-gm8h"},{"reference_url":"https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h","reference_id":"GHSA-4gmj-3p3h-gm8h","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:21:09Z/"}],"url":"https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h"}],"weaknesses":[{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."},{"cwe_id":1333,"name":"Inefficient Regular Expression Complexity","description":"The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles."}],"exploits":[],"severity_range_score":"0.0 - 3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s94g-6gy5-pued"}