GHSA-c7qv-q95q-8v27
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c7qv-q95q-8v27
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-c7qv-q95q-8v27/GHSA-c7qv-q95q-8v27.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c7qv-q95q-8v27
- Aliases
- Published
- 2024-10-19T06:30:30Z
- Modified
- 2024-10-22T20:12:19.343040Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of service in http-proxy-middleware
- Details
-
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
- Database specific
{ "nvd_published_at": "2024-10-19T05:15:13Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-10-22T19:47:41Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-21536
- https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5
- https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22
- https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a
- https://github.com/chimurai/http-proxy-middleware
- https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906
Affected packages
npm / http-proxy-middleware
Package
- Name
- http-proxy-middleware
- View open source insights on deps.dev
- Purl
- pkg:npm/http-proxy-middleware
npm / http-proxy-middleware
Package
- Name
- http-proxy-middleware
- View open source insights on deps.dev
- Purl
- pkg:npm/http-proxy-middleware