CVE-2024-34075: kurwov vulnerable to Denial of Service due to improper data sanitization
Unsafe sanitization of dataset contents in the MarkovData#getNext method, which is used by Markov#generate and Markov#choose, allows a maliciously crafted string in the dataset to throw an exception and stop the function from running properly. Because the dataset is attacker-influenced input in many deployments, a single crafted entry is enough to abort generation, so the impact is a denial of service rather than code execution.
References
- github.com/advisories/GHSA-hfrv-h3q8-9jpr
- github.com/xiboon/kurwov
- github.com/xiboon/kurwov/blob/0d58dfa42135ab40e830e92622857282f980ca89/src/MarkovData.ts
- github.com/xiboon/kurwov/commit/85d63e652594f121d6656177d7a3c0d823c976c9
- github.com/xiboon/kurwov/security/advisories/GHSA-hfrv-h3q8-9jpr
- nvd.nist.gov/vuln/detail/CVE-2024-34075