What is CVE-2024-38375?

CVE-2024-38375 is a medium-severity vulnerability in Fastly Js-compute-runtime, classified under Use After Free. CVSS score: 5.3/10. Published 2024-06-26.

How severe is CVE-2024-38375?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Use After Free in Fastly Js-compute-runtime

CVE-2024-38375

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the resu…

Vulnerability class: Use-After-Free

EPSS: 0.001 (30.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H.

Affected products

Fastly Js-compute-runtime — versions >= 3.0.0, < 3.16.0

Weakness classification (CWE)

CWE-416 — Use After Free

References

https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv (x_refsource_CONFIRM)
https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-38375?: CVE-2024-38375 is a medium-severity vulnerability in Fastly Js-compute-runtime, classified under Use After Free. CVSS score: 5.3/10. Published 2024-06-26.
How severe is CVE-2024-38375?: Medium severity. CVSS v3 base score is 5.3 out of 10.