Security Advisories

CVE-2024-43380

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-43380

CGA ID

CGA-4q2m-h864-w9w4

Severity

7.5

High

CVSS V3

Description

fugit contains time tools for flor and the floraison group. The fugit "natural" parser, which turns "every wednesday at 5pm" into "0 17 * * 3", accepted input of any length and kept attempting to parse it instead of returning promptly as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.
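For dependents that pass user input to the natural parser, the following added example (not code from fugit or from this advisory) shows a version check against the fixed release and a plausibility guard in front of the parse call. The 256-character limit, the one-second ceiling, the `ImplausibleInput` class and the stub parser are assumptions made for illustration; with the real gem, pass `Fugit.method(:parse_nat)` as `parser`.

```ruby
require 'timeout'
require 'rubygems'

FIXED_IN = Gem::Version.new('1.11.1') # fixed release named in the advisory
MAX_NAT_LENGTH = 256                  # assumption: pick a bound that fits your schedules

# Hypothetical error class for input rejected before or during parsing.
class ImplausibleInput < ArgumentError; end

# True when the given fugit version string is at or above the fixed release.
def fugit_patched?(version)
  Gem::Version.new(version) >= FIXED_IN
end

# Reject implausible input before it reaches the parser, and bound the time
# the parse may hold the calling thread as a second line of defence.
def guarded_parse_nat(input, parser:, max_length: MAX_NAT_LENGTH, seconds: 1)
  raise ImplausibleInput, 'input is not a String' unless input.is_a?(String)
  if input.length > max_length
    raise ImplausibleInput, "input exceeds #{max_length} characters"
  end

  Timeout.timeout(seconds) { parser.call(input) }
rescue Timeout::Error
  raise ImplausibleInput, 'parse did not return in time'
end

# Constructed stand-in for the natural parser so the example runs without
# the gem installed. It returns a cron string for the one phrase it knows.
STUB_PARSER = lambda do |text|
  text == 'every wednesday at 5pm' ? '0 17 * * 3' : nil
end

if $PROGRAM_NAME == __FILE__
  puts fugit_patched?('1.11.0')   # version before the fix
  puts guarded_parse_nat('every wednesday at 5pm', parser: STUB_PARSER)
  begin
    guarded_parse_nat('every monday and ' * 10_000, parser: STUB_PARSER)
  rescue ImplausibleInput => e
    puts "rejected: #{e.message}"
  end
end
```

The length check is the control the advisory calls for; the timeout only limits how long a call that slips through can occupy the thread.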

References

Affected packages

