Description
Crash in HeaderParser in dicer
This affects all versions of the package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. A complete denial of service can be achieved by sending the malicious form in a loop.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-24434
- https://github.com/mscdex/busboy/issues/250
- https://github.com/mscdex/dicer/pull/22
- https://github.com/mscdex/dicer/commit/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
Packages
dicer
<= 0.3.1
Not available
org.webjars.npm:dicer
<= 0.3.0
Not available
Related vulnerabilities
This affects all versions of the package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. An attacker could send the payload again and again so that the service continuously crashes.
This affects all versions of package dicer. A malicious attacker can s ...
A vulnerability in the dicer streaming parser related to improper cleanup or release of resources, allowing an attacker to cause a denial of service