CVE-2024-21526

CVSS 7.5 HIGHEPSS 0.6%CWE-241 CWE-400

All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

Produtos afetados

n/a · speaker

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48 https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676