Vue parseHTML function vulnerability
CVE-2024-9506

3.7 LOW

Key Information:

Vendor: Vue

Status
Vendor
CVE Published: 15 October 2024

What is CVE-2024-9506?

The parseHTML function in the Vue framework contains an improperly implemented regular expression. An attacker who can pass crafted input to the function can cause excessive resource consumption, resulting in a potential denial of service that impacts application availability. Correcting the regular expression and rigorously validating input before it reaches the function are essential to mitigating this vulnerability.

Affected Version(s)

vue 2.0.0 <= 2.7.16
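
A check for the affected range listed above, as an added example (not code from this page or from the Vue project). It assumes an npm lockfile with a `packages` map (lockfile v2/v3); the sample lockfile and its package names are constructed.

```javascript
// Flag installed copies of vue inside the range this page lists (2.0.0 <= 2.7.16).
const AFFECTED = { min: [2, 0, 0], max: [2, 7, 16] };

// Parse "major.minor.patch". Pre-release/build suffixes are ignored (assumption:
// a pre-release of an affected version is treated as affected).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED.min) >= 0 && compare(v, AFFECTED.max) <= 0;
}

// Walk every installed copy of vue, including nested copies pulled in
// transitively, which a top-level package.json check would miss.
function findAffectedVue(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!/(^|\/)node_modules\/vue$/.test(path)) continue;
    if (isAffected(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile (hypothetical package names).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/vue": { version: "3.4.21" },
    "node_modules/legacy-widget/node_modules/vue": { version: "2.6.14" },
    "node_modules/vue-router": { version: "3.6.5" },
    "node_modules/old-admin/node_modules/vue": { version: "2.7.16" },
    "node_modules/@scope/vue": { version: "2.5.0" }
  }
};

console.log(findAffectedVue(sampleLock));
```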

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

K
.