CVE-2024-55565 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
mitre	CNA	---				---
CISA-ADP	ADP	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Debian Releases

Debian Product

Codename

node-mocha

bullseye	vulnerable
bullseye (security)	8.2.1+ds1+~cs29.4.27-3+deb11u1 fixed
bookworm	10.1.0+ds1+~cs29.3.1-1 fixed
forky	10.7.2+ds1+~cs33.1.11-2 fixed
trixie	10.7.2+ds1+~cs33.1.11-2 fixed
sid	11.7.2+ds1+~cs36.3.14-2 fixed

node-postcss

bullseye	vulnerable
bullseye (security)	8.2.1+~cs5.3.23-8+deb11u1 fixed
bookworm	8.4.20+~cs8.0.23-1+deb12u1 fixed
trixie	8.4.49+~cs9.2.32-1 fixed
forky	8.5.6+~cs9.3.28-1 fixed
sid	8.5.6+~cs9.3.28-1 fixed

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://github.com/ai/nanoid/compare/3.3.7...3.3.8

https://github.com/ai/nanoid/pull/510

https://github.com/ai/nanoid/releases/tag/5.0.9

https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html

https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html