Use After Free Affecting bellard/quickjs package, versions [0,]
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (9th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-BELLARDQUICKJS-6672136
- published 23 Apr 2024
- disclosed 23 Apr 2024
- credit anbu1024
Introduced: 23 Apr 2024
New CVE-2023-48184 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
Affected versions of this package are vulnerable to Use After Free due to incorrect garbage collection of async functions with closures. An attacker can execute arbitrary code by exploiting this vulnerability.