How severe is CVE-2024-22025?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-22025?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2024-22025

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-404

View all →

Vulnerability Description

A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.

CVE-2013-1054

MEDIUM

CVSS:6.5(Medium)

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initializ...

CWE-4042013

CVE-2019-15302

MEDIUM

CVSS:6.5(Medium)

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a tr...

CWE-4042019

CVE-2020-0414

MEDIUM

CVSS:6.5(Medium)

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with ...

CWE-4042020

CVE-2020-14307

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a r...

CWE-4042020

CVE-2020-4325

MEDIUM

CVSS:6.5(Medium)

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams inform...

CWE-4042020

CVE-2021-4280

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in styler_praat_scripts. It has been classified as problematic. Affected is an unknown function of the file file_segmenter.praat of the component Slash Handler. The manipulat...

CWE-4042021

CVE-2024-22025

Vulnerability Description

Related Vulnerabilities

CVE-2013-1054

CVE-2019-15302

CVE-2020-0414

CVE-2020-14307

CVE-2020-4325

CVE-2021-4280