CVE-2024-43367: Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
(updated )
A wrong assumption made when handling ECMAScript’s AsyncGenerator operations can cause an uncaught exception on certain scripts.
References
- github.com/advisories/GHSA-f67q-wr6w-23jq
- github.com/boa-dev/boa
- github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7
- github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq
- github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
- nvd.nist.gov/vuln/detail/CVE-2024-43367
- rustsec.org/advisories/RUSTSEC-2024-0444.html
Code Behaviors & Features
Detect and mitigate CVE-2024-43367 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →