Overview
- Description
- Versions of the package http-proxy-middleware before 2.0.7, and from 3.0.0 up to but not including 3.0.3, are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
- Source
- report@snyk.io
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- report@snyk.io
- CWE-400
Social media
- Hype score
- Not currently trending
CVE-2024-21536 Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection … https://t.co/rPQUzOcBBW
@CVEnew
CVE-2024-21536 Denial of Service Vulnerability in http-proxy-middleware Exploits Node.js Crashes The package http-proxy-middleware, before version 2.0.7 and versions from 3.0.0 to before 3.0.3, is vulnerable to D... https://t.co/jW9BCjzmmK
@VulmonFeeds
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1C31D2C-0CB7-4D28-8658-42632A65F7F3",
            "versionEndExcluding": "2.0.7"
          },
          {
            "criteria": "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A89EB4F5-1978-4172-A52D-8504F87E110E",
            "versionEndExcluding": "3.0.3",
            "versionStartIncluding": "3.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]