[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-24806":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":84,"related":85,"reserved_at":9,"published_at":115,"modified_at":116,"state":117,"summary":118,"references_raw":126,"kevs":178,"epss":179,"epss_history":182,"metrics":448,"affected":456},"CVE-2024-24806","libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-918","Server-Side Request Forgery (SSRF)","The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-664","Server Side Request Forgery",[],[24],{"_key":25,"name":26,"source":27,"url":28,"maturity":29,"reliability_score":30,"verified":31,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_LIBUV_LIBUV","Libuv","github","https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6","poc",0.3,false,[],[],[],[36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":37},"ALPINE-CVE-2024-24806",{"_key":39},"SUSE-SU-2024:1307-1",{"_key":41},"SUSE-SU-2024:1309-1",{"_key":43},"SUSE-SU-2024:0644-1",{"_key":45},"SUSE-SU-2024:0728-1",{"_key":47},"SUSE-SU-2024:0729-1",{"_key":49},"SUSE-SU-2024:0731-1",{"_key":51},"SUSE-SU-2024:0732-1",{"_key":53},"SUSE-SU-2024:0733-1",{"_key":55},"SUSE-SU-2024:0643-1",{"_key":57},"SUSE-SU-2024:0730-1",{"_key":59},"SUSE-SU-2024:1301-1",{"_key":61},"SUSE-SU-2024:4109-1",{"_key":63},"OPENSUSE-SU-2024:13697-1",{"_key":65},"OPENSUSE-SU-2024:13818-1",{"_key":67},"DLA-3752-1",{"_key":69},"DSA-5638-1",{"_key":71},"RHSA-2024:4247",{"_key":73},"RHSA-2024:4756",{"_key":75},"RHSA-2024:8132",{"_key":77},"MGASA-2024-0079",{"_key":79},"USN-6666-1",{"_key":81},"UBUNTU-CVE-2024-24806",{"_key":83},"DEBIAN-CVE-2024-24806",[],[86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,103,105,107,109,111,113],{"_key":39},{"_key":41},{"_key":77},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":102},"CGA-4FV2-86V6-C2CQ",{"_key":104},"CGA-FR56-QRC9-JMW9",{"_key":106},"CGA-G8RP-CF48-Q84V",{"_key":108},"CGA-P7XV-CX35-M83G",{"_key":110},"CGA-QC4M-85C7-56G6",{"_key":112},"CGA-R683-GV3C-XW6Q",{"_key":114},"CGA-H6RV-QFMQ-RX67","2024-02-07T21:44:33.566Z","2025-06-17T14:17:09.153Z","Modified",{"cisa_kev":31,"cisa_ransomware":31,"cisa_vendor":9,"epss_severity":119,"epss_score":120,"severity":121,"severity_score":122,"severity_version":123,"severity_source":124,"severity_vector":125,"severity_status":117},"low",0.002,"high",7.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",[127,134,140,144,148,152,158,162,166,170,174],{"url":28,"sources":128,"tags":130},[124,129],"nvd",[131,132,133],"X Refsource CONFIRM","Exploit","Vendor Advisory",{"url":135,"sources":136,"tags":137},"https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629",[124,129],[138,139],"X Refsource MISC","Patch",{"url":141,"sources":142,"tags":143},"https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70",[124,129],[138,139],{"url":145,"sources":146,"tags":147},"https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488",[124,129],[138,139],{"url":149,"sources":150,"tags":151},"https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39",[124,129],[138,139],{"url":153,"sources":154,"tags":155},"http://www.openwall.com/lists/oss-security/2024/02/08/2",[124,129],[156,157],"Mailing List","Third Party Advisory",{"url":159,"sources":160,"tags":161},"http://www.openwall.com/lists/oss-security/2024/02/11/1",[124,129],[156,157],{"url":163,"sources":164,"tags":165},"https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html",[124,129],[],{"url":167,"sources":168,"tags":169},"http://www.openwall.com/lists/oss-security/2024/03/11/1",[124,129],[],{"url":171,"sources":172,"tags":173},"https://security.netapp.com/advisory/ntap-20240605-0008/",[124,129],[],{"url":175,"sources":176,"tags":177},"https://gitlab.kitware.com/cmake/cmake/-/issues/26112",[124,129],[],[],{"date":180,"score":120,"percentile":181},"2026-06-04",0.41971,[183,187,190,193,196,199,202,205,208,211,214,217,219,222,224,228,231,234,238,241,244,247,250,253,256,259,262,265,269,272,275,278,281,284,287,290,292,295,298,301,304,306,309,311,314,317,320,323,326,329,331,333,336,339,342,345,348,350,353,356,359,362,365,368,371,373,376,379,382,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439,442,445],{"date":184,"score":185,"percentile":186},"2025-11-04",0.00142,0.35027,{"date":188,"score":185,"percentile":189},"2025-11-05",0.35012,{"date":191,"score":185,"percentile":192},"2025-11-06",0.35008,{"date":194,"score":185,"percentile":195},"2025-11-07",0.35029,{"date":197,"score":185,"percentile":198},"2025-11-08",0.35025,{"date":200,"score":185,"percentile":201},"2025-11-09",0.35009,{"date":203,"score":185,"percentile":204},"2025-11-10",0.34977,{"date":206,"score":185,"percentile":207},"2025-11-11",0.35006,{"date":209,"score":185,"percentile":210},"2025-11-12",0.35048,{"date":212,"score":185,"percentile":213},"2025-11-13",0.35061,{"date":215,"score":185,"percentile":216},"2025-11-14",0.35064,{"date":218,"score":185,"percentile":213},"2025-11-15",{"date":220,"score":185,"percentile":221},"2025-11-16",0.35036,{"date":223,"score":185,"percentile":189},"2025-11-17",{"date":225,"score":226,"percentile":227},"2025-11-18",0.01691,0.80731,{"date":229,"score":226,"percentile":230},"2025-11-19",0.80732,{"date":232,"score":226,"percentile":233},"2025-11-20",0.80737,{"date":235,"score":236,"percentile":237},"2025-11-21",0.00148,0.35894,{"date":239,"score":236,"percentile":240},"2025-11-22",0.35896,{"date":242,"score":236,"percentile":243},"2025-11-23",0.35863,{"date":245,"score":236,"percentile":246},"2025-11-24",0.35843,{"date":248,"score":236,"percentile":249},"2025-11-25",0.35844,{"date":251,"score":236,"percentile":252},"2025-11-26",0.35842,{"date":254,"score":236,"percentile":255},"2025-11-27",0.35853,{"date":257,"score":236,"percentile":258},"2025-11-28",0.35831,{"date":260,"score":236,"percentile":261},"2025-11-29",0.35812,{"date":263,"score":236,"percentile":264},"2025-11-30",0.35799,{"date":266,"score":267,"percentile":268},"2025-12-01",0.0024,0.47289,{"date":270,"score":267,"percentile":271},"2025-12-02",0.47303,{"date":273,"score":267,"percentile":274},"2025-12-03",0.47297,{"date":276,"score":236,"percentile":277},"2025-12-04",0.35789,{"date":279,"score":236,"percentile":280},"2025-12-05",0.35819,{"date":282,"score":236,"percentile":283},"2025-12-06",0.35807,{"date":285,"score":236,"percentile":286},"2025-12-07",0.35777,{"date":288,"score":236,"percentile":289},"2025-12-08",0.35791,{"date":291,"score":236,"percentile":258},"2025-12-09",{"date":293,"score":236,"percentile":294},"2025-12-10",0.35887,{"date":296,"score":236,"percentile":297},"2025-12-11",0.35913,{"date":299,"score":236,"percentile":300},"2025-12-12",0.35946,{"date":302,"score":236,"percentile":303},"2025-12-13",0.35924,{"date":305,"score":236,"percentile":240},"2025-12-14",{"date":307,"score":236,"percentile":308},"2025-12-15",0.35857,{"date":310,"score":236,"percentile":294},"2025-12-16",{"date":312,"score":236,"percentile":313},"2025-12-17",0.35935,{"date":315,"score":236,"percentile":316},"2025-12-18",0.35977,{"date":318,"score":236,"percentile":319},"2025-12-19",0.35994,{"date":321,"score":236,"percentile":322},"2025-12-20",0.35975,{"date":324,"score":236,"percentile":325},"2025-12-21",0.35922,{"date":327,"score":236,"percentile":328},"2025-12-22",0.35898,{"date":330,"score":236,"percentile":237},"2025-12-23",{"date":332,"score":236,"percentile":294},"2025-12-24",{"date":334,"score":236,"percentile":335},"2025-12-25",0.35948,{"date":337,"score":236,"percentile":338},"2025-12-26",0.35927,{"date":340,"score":236,"percentile":341},"2025-12-27",0.35943,{"date":343,"score":236,"percentile":344},"2025-12-28",0.3585,{"date":346,"score":236,"percentile":347},"2025-12-29",0.35822,{"date":349,"score":236,"percentile":261},"2025-12-30",{"date":351,"score":236,"percentile":352},"2025-12-31",0.3587,{"date":354,"score":267,"percentile":355},"2026-01-01",0.47418,{"date":357,"score":267,"percentile":358},"2026-01-02",0.47395,{"date":360,"score":267,"percentile":361},"2026-01-03",0.4738,{"date":363,"score":236,"percentile":364},"2026-01-04",0.35833,{"date":366,"score":236,"percentile":367},"2026-01-05",0.35814,{"date":369,"score":236,"percentile":370},"2026-01-06",0.35825,{"date":372,"score":236,"percentile":252},"2026-01-07",{"date":374,"score":236,"percentile":375},"2026-01-08",0.35873,{"date":377,"score":236,"percentile":378},"2026-01-09",0.35869,{"date":380,"score":236,"percentile":381},"2026-01-10",0.35874,{"date":383,"score":236,"percentile":384},"2026-01-11",0.35854,{"date":386,"score":236,"percentile":387},"2026-01-12",0.35793,{"date":389,"score":236,"percentile":390},"2026-01-13",0.35778,{"date":392,"score":236,"percentile":393},"2026-01-14",0.35828,{"date":395,"score":236,"percentile":396},"2026-01-15",0.35815,{"date":398,"score":236,"percentile":399},"2026-01-16",0.35834,{"date":401,"score":236,"percentile":402},"2026-01-17",0.35818,{"date":404,"score":236,"percentile":405},"2026-01-18",0.35759,{"date":407,"score":236,"percentile":408},"2026-01-19",0.35718,{"date":410,"score":236,"percentile":411},"2026-01-20",0.35699,{"date":413,"score":236,"percentile":414},"2026-01-21",0.3568,{"date":416,"score":236,"percentile":417},"2026-01-22",0.35666,{"date":419,"score":236,"percentile":420},"2026-01-23",0.35724,{"date":422,"score":236,"percentile":423},"2026-01-24",0.35733,{"date":425,"score":236,"percentile":426},"2026-01-25",0.35679,{"date":428,"score":236,"percentile":429},"2026-01-26",0.3561,{"date":431,"score":236,"percentile":432},"2026-01-27",0.35605,{"date":434,"score":236,"percentile":435},"2026-01-28",0.35584,{"date":437,"score":236,"percentile":438},"2026-01-29",0.35555,{"date":440,"score":236,"percentile":441},"2026-01-30",0.35549,{"date":443,"score":236,"percentile":444},"2026-01-31",0.3556,{"date":446,"score":267,"percentile":447},"2026-02-01",0.47217,[449,454],{"source":124,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":450,"cvss_v4_0":9},{"baseScore":122,"baseSeverity":451,"vectorString":125,"impactScore":452,"exploitabilityScore":453},"HIGH",5.7,10,{"source":129,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":9},{"baseScore":122,"baseSeverity":451,"vectorString":125,"impactScore":452,"exploitabilityScore":453},[457],{"ecosystem":9,"name":458,"vendor":458,"product":458,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"libuv","a",[461,468],{"version":462,"is_range":463,"range_type":124,"version_start":464,"version_start_type":465,"version_end":466,"version_end_type":467,"fixed_in":9},">= 1.45.0, \u003C 1.48.0",true,"1.45.0","including","1.48.0","excluding",{"version":469,"is_range":463,"range_type":470,"version_start":471,"version_start_type":465,"version_end":466,"version_end_type":467,"fixed_in":9},"gte1.24.0_lt1.48.0","cpe","1.24.0"]