Vulnerability CVE-2024-21526


Published: 2024-07-10

Description:
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.

 References:
https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676
https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc6e12aa9dc/src/binding.c%23L48

Copyright 2024, cxsecurity.com

 

Back to Top