Security
Headlines

Headlines Latest CVEs

Headline

GHSA-mp3g-vpm9-9vqv: @fastly/js-compute has a use-after-free in some host call implementations

Impact

The implementation of the following functions were determined to include a use-after-free bug:

FetchEvent.client.tlsCipherOpensslName
FetchEvent.client.tlsProtocol
FetchEvent.client.tlsClientCertificate
FetchEvent.client.tlsJA3MD5
FetchEvent.client.tlsClientHello
CacheEntry.prototype.userMetadata of the fastly:cache subsystem
Device.lookup of the fastly:device subsystem

This bug could allow for an unintended data leak if the result of the preceding functions were sent anywhere else, and often results in a Compute service crash causing an HTTP 500 error to be returned. As all requests to Compute are isolated from one another, the only data at risk is data present for a single request.

Patches

This bug has been fixed in version 3.16.0 of the @fastly/js-compute package.

Workarounds

There are no workarounds for this bug, any use of the affected functions introduces the possibility of a data leak or crash in guest code.

4 months ago

#nodejs #js #git #ssl

GitHub Advisory Database
GitHub Reviewed
CVE-2024-38375

@fastly/js-compute has a use-after-free in some host call implementations

Moderate severity GitHub Reviewed Published Jun 26, 2024 in fastly/js-compute-runtime • Updated Jun 26, 2024

Package

npm @fastly/js-compute (npm)

Affected versions

>= 3.0.0, < 3.16.0

Impact

The implementation of the following functions were determined to include a use-after-free bug:

FetchEvent.client.tlsCipherOpensslName
FetchEvent.client.tlsProtocol
FetchEvent.client.tlsClientCertificate
FetchEvent.client.tlsJA3MD5
FetchEvent.client.tlsClientHello
CacheEntry.prototype.userMetadata of the fastly:cache subsystem
Device.lookup of the fastly:device subsystem

This bug could allow for an unintended data leak if the result of the preceding functions were sent anywhere else, and often results in a Compute service crash causing an HTTP 500 error to be returned. As all requests to Compute are isolated from one another, the only data at risk is data present for a single request.

Patches

This bug has been fixed in version 3.16.0 of the @fastly/js-compute package.

Workarounds

There are no workarounds for this bug, any use of the affected functions introduces the possibility of a data leak or crash in guest code.

References

GHSA-mp3g-vpm9-9vqv
fastly/js-compute-runtime@4e16641

Published to the GitHub Advisory Database

Jun 26, 2024

Last updated

Jun 26, 2024

ghsa: Latest News

GHSA-fpm5-2wcj-vfr7: codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

1 hour ago

GHSA-f3f8-vx3w-hp5q: codechecker vulnerable to authentication bypass when using specifically crafted URLs

1 hour ago

GHSA-p7mv-53f2-4cwj: CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

1 hour ago

GHSA-96g7-g7g9-jxw8: happy-dom allows for server side code to be executed by a <script> tag

2 hours ago

GHSA-qq5c-677p-737q: Symfony vulnerable to command execution hijack on Windows with Process class

2 hours ago