How severe is CVE-2024-39702?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-39702?

This is classified as CWE-407, which is a common weakness in software security.

CVE-2024-39702

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-407

View all →

Vulnerability Description

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected.

CVE-2024-29916

MEDIUM

CVSS:5.6(Medium)

The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired ...

CWE-4072024

CVE-2022-36021

MEDIUM

CVSS:5.5(Medium)

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attac...

CWE-4072022

CVE-2023-36810

MEDIUM

CVSS:6.5(Medium)

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected l...

CWE-4072023

CVE-2020-27223

MEDIUM

CVSS:5.3(Medium)

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameter...

CWE-4072020

CVE-2020-3548

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attack...

CWE-4072020

CVE-2024-12133

MEDIUM

CVSS:5.3(Medium)

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down ...

CWE-4072024

CVE-2024-39702

Vulnerability Description

Related Vulnerabilities

CVE-2024-29916

CVE-2022-36021

CVE-2023-36810

CVE-2020-27223

CVE-2020-3548

CVE-2024-12133