CVE-2026-56018
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-400
Consumo de recursos no controlado (Agotamiento de recursos)
Fecha de publicación:
29/06/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth.<br />
<br />
In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes without freeing their contents. Each token&#39;s contents buffer is therefore leaked on every call, and the two early returns taken when the node list is empty leak the whole NodeSet.<br />
<br />
A long-lived process that minifies repeatedly, such as an asset pipeline or a server-side minifier endpoint, grows in memory without bound until it exhausts available memory and is killed, causing denial of service.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA



