CVE-2024-58102

An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://datalust.co/seq	Product
https://github.com/datalust/seq-tickets/issues/2086	Issue Tracking
https://github.com/datalust/seq-tickets/issues/2367	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-11 08:15

Updated : 2025-10-10 20:29

NVD link : CVE-2024-58102

Mitre link : CVE-2024-58102

CVE.ORG link : CVE-2024-58102

JSON object : View

Products Affected

datalust

seq

CWE

CWE-674

Uncontrolled Recursion

{"id": "CVE-2024-58102", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-11T08:15:10.917", "references": [{"url": "https://datalust.co/seq", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/datalust/seq-tickets/issues/2086", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/datalust/seq-tickets/issues/2367", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Datalust Seq antes de 2024.3.13545. Un l\u00edmite de profundidad de an\u00e1lisis predeterminado inseguro permite el consumo de la pila al analizar consultas proporcionadas por el usuario que contienen expresiones profundamente anidadas."}], "lastModified": "2025-10-10T20:29:09.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBFB8DE4-1528-498F-A553-99520A5788F8", "versionEndExcluding": "2024.3.13545"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}