How severe is CVE-2024-4068?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-4068?

This is classified as CWE-1050, which is a common weakness in software security.

CVE-2024-4068

HIGH Year: 2024

CVSS v3 Score

7.5

High

Weakness Type

CWE-1050

View all →

Vulnerability Description

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

CVE-2021-41039

HIGH

CVSS:7.5(High)

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possi...

CWE-10502021

CVE-2023-1390

HIGH

CVSS:7.5(High)

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in t...

CWE-10502023

CVE-2025-47947

HIGH

CVSS:7.5(High)

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special cas...

CWE-10502025

CVE-2019-11254

MEDIUM

CVSS:6.5(Medium)

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to co...

CWE-10502019