Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 06 Jun 2025 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_data_foundation:4.14::el9
cpe:/a:redhat:openshift_data_foundation:4.15::el9
cpe:/a:redhat:openshift_data_foundation:4.16::el9

Thu, 22 May 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Data Foundation
CPEs cpe:/a:redhat:openshift_data_foundation:4.17::el9
Vendors & Products Redhat openshift Data Foundation

Thu, 20 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhdh
CPEs cpe:/a:redhat:rhdh:1.3::el9
Vendors & Products Redhat rhdh

Wed, 04 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:advanced_cluster_security:4.6::el8

Fri, 01 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat trusted Profile Analyzer
CPEs cpe:/a:redhat:trusted_profile_analyzer:1.1::el9
Vendors & Products Redhat trusted Profile Analyzer

Tue, 01 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat advanced Cluster Security
CPEs cpe:/a:redhat:advanced_cluster_security:4.5::el8
Vendors & Products Redhat
Redhat advanced Cluster Security

Mon, 26 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-26T14:46:02.177Z

Reserved: 2024-06-21T00:00:00

Link: CVE-2024-39249

cve-icon Vulnrichment

Updated: 2024-08-02T04:19:20.645Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-01T20:15:02.877

Modified: 2024-11-21T09:27:22.130

Link: CVE-2024-39249

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-01T00:00:00Z

Links: CVE-2024-39249 - Bugzilla

cve-icon OpenCVE Enrichment

No data.