Vulnerability in Yves Sereal::decoder

CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race co…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

Affected products

Yves Sereal::decoder — versions 4.000

Weakness classification (CWE)

CWE-1395

References

github.com/advisories/GHSA-w77f-wv46-4vcx (vendor-advisory)
www.cve.org/CVERecord (vendor-advisory)
metacpan.org/release/YVES/Sereal-Decoder-4.010/changes (release-notes)