CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-21521: All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to...

7.5 CVSS

Description

All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.

Classification

CVE ID: CVE-2024-21521

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

Affected Products

Vendor: n/a

Product: @discordjs/opus

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.96% (scored less or equal to compared to others)

EPSS Date: 2025-02-24 (when was this score calculated)

References

https://security.snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-6370643
https://github.com/discordjs/opus/blob/814e500c2785c5207ace19650192629beba2728b/src/node-opus.cc%23L47
https://gist.github.com/dellalibera/98c48fd74bb240adbd7841a5c02aba9e

Timeline

2025-01-27 00:30:08 UTC
CVE

All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to...