Описание
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
Ссылки
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- ProductThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 16.5.4 (исключая)Версия от 17.0.0 (включая) до 17.1.3 (исключая)
Одно из
cpe:2.3:a:file-type_project:file-type:*:*:*:*:*:node.js:*:*
cpe:2.3:a:file-type_project:file-type:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 31%
0.00119
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-835
Связанные уязвимости
CVSS3: 5.5
redhat
больше 3 лет назад
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
CVSS3: 7.5
github
больше 3 лет назад
file-type vulnerable to Infinite Loop via malformed MKV file
EPSS
Процентиль: 31%
0.00119
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-835