Vulnerability in Yves Sereal::encoder

CVE-2024-14031

Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race co…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

Affected products

Yves Sereal::encoder — versions 4.000

Weakness classification (CWE)

CWE-1395

References

github.com/advisories/GHSA-w77f-wv46-4vcx (vendor-advisory)
www.cve.org/CVERecord (vendor-advisory)
metacpan.org/release/YVES/Sereal-Encoder-4.010/changes (release-notes)