← back
CVE-2024-21526

CVE-2024-21526

CVSS 7.5 HIGHEPSS 0.6%CWE-241CWE-400
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
Affected products
n/a · speaker

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676