Base Score

LOW3.7

CVE-2024-9506

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

VectorNETWORK

Published By36c7be3b-2937-45df-85ea-ca7133ea542c

Published DateOct 15, 2024, 16:15

Affected Versions(1)

vue(npm)

Introduced2.0.0-alpha.1

Fixed3.0.0-alpha.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
vue(npm)	2.0.0-alpha.1	3.0.0-alpha.0	N/A

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

3.7

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

https://www.herodevs.com/vulnerability-directory/cve-2024-9506

Base Score

LOW3.7

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

3.7

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW