CVE-2024-9506

LOW

NPM Vue < 3.0.0-alpha.0 - Denial of Service

Title source: rule

Description

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

Exploits (1)

nomisec WORKING POC 17 stars
by bio · poc
https://github.com/bio/vue-template-compiler-patched

References (1)

Scores

CVSS v3 3.7
EPSS 0.0003
EPSS Percentile 7.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-1333
Status published
Products (2)
npm/vue 2.0.0-alpha.1 - 3.0.0-alpha.0npm
vue/vue 2.0.0 - 2.7.16
Published Oct 15, 2024
Tracked Since Feb 18, 2026