<p>Upgrade <code>v8/v8</code> to version 12.5.6 or higher.</p>

Improper Restriction of Operations within the Bounds of a Memory Buffer Affecting v8/v8 package, versions [,12.5.6)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.06% (25^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UNMANAGED-V8V8-6672127
published 23 Apr 2024
disclosed 6 Apr 2024
credit Zhenghang Xiao

Report a new vulnerability Found a mistake?

Introduced: 6 Apr 2024

New CVE-2024-3156 Open this link in a new tab CWE-119 Open this link in a new tab

How to fix?

Upgrade v8/v8 to version 12.5.6 or higher.

Overview

Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer due to an inappropriate implementation in the V8 engine. An attacker can potentially perform out of bounds memory access by crafting a malicious HTML page.