CVE-2026-42570

ADVISORY - github

Summary

devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-770⁠

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

GitHub

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY IDGHSA-77vg-94rm-hx3p⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

7.5high