CVE-2020-24345: Out-of-bounds Write

August 13, 2020 (updated August 14, 2020)

JerryScript allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a).

References

github.com/jerryscript-project/jerryscript/issues/3977
nvd.nist.gov/vuln/detail/CVE-2020-24345

Detect and mitigate CVE-2020-24345 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →