Description
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
References
- Exploit, Third Party Advisory
- Patch
- Patch
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.0.7 (excluding); versions from 3.0.0 (including) up to 3.0.3 (excluding)
One of
cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*
cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*
EPSS: 0.00354 (Low), percentile: 57%
CVSS3: 7.5 High
Weaknesses
CWE-400
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 7.5
redhat
more than 1 year ago
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
CVSS3: 7.5
debian
more than 1 year ago
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 ...