CVE-2024-21536

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-21536

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21536.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21536

Aliases

GHSA-c7qv-q95q-8v27

Related

CGA-h47m-287p-r23r

Published

2024-10-19T05:15:13.097Z

Modified

2026-02-09T05:18:17.927115Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

References

Affected packages

Git / github.com/chimurai/http-proxy-middleware

Affected ranges

Type: GIT
Repo: https://github.com/chimurai/http-proxy-middleware
Events: Fixed

0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5

Fixed

1e9233909839962bb3c1980848ad499b4757a71d

Introduced

84bfa46fc7174f46b9f24c1e7a7a1a977f0993f3

Fixed

43f38836b5ff00a6e46ae357dfd071361fa93ca1

Fixed

788b21e4aff38332d6319557d4a5b1b13b1f9a22

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.1-beta.0

v3.0.1-beta.1

v3.0.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21536.json"