<p>Upgrade <code>v8/v8</code> to version 12.5.37 or higher.</p>

Type Confusion Affecting v8/v8 package, versions [,12.5.37)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Social Trends Trending on Twitter

EPSS 0.05% (15^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UNMANAGED-V8V8-6672130
published 23 Apr 2024
disclosed 26 Mar 2024
credit Manfred Paul

Report a new vulnerability Found a mistake?

Introduced: 26 Mar 2024

CVE-2024-2887 Open this link in a new tab CWE-843 Open this link in a new tab

How to fix?

Upgrade v8/v8 to version 12.5.37 or higher.

Overview

Affected versions of this package are vulnerable to Type Confusion due to a flaw in the WebAssembly component. An attacker can execute arbitrary code on the victim's machine by convincing them to visit a maliciously crafted HTML page.