CVE-2024-27088

NONE

es5-ext 0.10.0-0.10.62 - Inefficient Regular Expression Complexity in function#copy and function#toStringTokens

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-27088. PoCs published by 200101WhoAmI.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2024-27088, a ReDoS vulnerability in the 'es5-ext' Node.js package. The exploit demonstrates excessive backtracking in a regex pattern when processing maliciously crafted input, leading to high CPU usage.

Description

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.

Exploits (1)

nomisec WORKING POC
by 200101WhoAmI · poc
https://github.com/200101WhoAmI/CVE-2024-27088

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: es5-ext (versions before 0.10.63)
No auth needed
Prerequisites: Node.js environment · es5-ext package installed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 0.0
EPSS 0.0200
EPSS Percentile 84.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-1333, CWE-400
Status published
Products (2)
medikoo/es5-ext 0.10.0 - 0.10.63
npm/es5-ext 0.10.0 - 0.10.63
Published Feb 26, 2024
Tracked Since Feb 18, 2026