Jsdiff

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-24001 HIGH PATCH This Week

Denial-of-service in jsdiff versions prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 allows unauthenticated remote attackers to crash applications by providing maliciously crafted patches with line break characters in filename headers, triggering an infinite loop that exhausts system memory. Applications calling parsePatch with user-supplied input are vulnerable regardless of input size restrictions. A patch is available for all affected versions.

Denial Of Service Jsdiff Redhat

NVD GitHub VulDB

CVSS 3.1

7.5

EPSS

0.0%

CVE-2026-24001

EPSS 0% CVSS 7.5

HIGH PATCH This Week

Denial-of-service in jsdiff versions prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 allows unauthenticated remote attackers to crash applications by providing maliciously crafted patches with line break characters in filename headers, triggering an infinite loop that exhausts system memory. Applications calling parsePatch with user-supplied input are vulnerable regardless of input size restrictions. A patch is available for all affected versions.

Denial Of Service Jsdiff Redhat

NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy