CVE-2024-21526
speaker vulnerable to Denial of Service
7.5
HIGH
CVSS 3.1
EPSS 0.09%
Description
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
How to fix CVE-2024-21526
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2024-21526 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 0.5.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |