A vulnerability, which was classified as problematic, was found in Async up to 2.6.4/3.2.5. Affected is the function autoinject. The manipulation leads to inefficient regular expression complexity.

This vulnerability is traded as CVE-2024-39249. The attack can only be done within the local network. There is no exploit available.