Vulnerability in source-map-support Package Allow Directory Traversal
CVE-2024-21540

7.5HIGH

Key Information:

Vendor: package source-map-support
Status: Source-map-support
Vendor: CVE Published:; 13 November 2024

🔔 Create package source-map-support Vulnerability Alert

What is CVE-2024-21540?

This vulnerability pertains to an issue with the source map support library used in JavaScript applications. Although deemed non-threating in practical scenarios, it could potentially lead to improper code mapping and debugging complications, making it harder for developers to diagnose code execution problems. The lack of a realistic attack scenario minimizes immediate risks, yet it is crucial for developers to remain vigilant and ensure coding practices are robust against emerging threats.

Affected Version(s)

source-map-support 0

References

https://security.snyk.io/vuln/SNYK-JS-SOURCEMAPSUPPORT-61...

https://gist.github.com/mcoimbra/0f889d69b39c1c09aa6a8c00...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2024
Vulnerability Reserved
Dec 22, 2023

Credit

Miguel Coimbra