216.73.216.133

CVE-2024-21536

· Published 19/10/2024 05:15 · Modified 01/11/2024 18:03

Labels: CVE-2024-21536 2024-10-19CVE-2024-21536CWE-400NVD-CWE-noinfo[email protected]

Essential information

Published
19/10/2024 05:15
Modified
01/11/2024 18:03
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
chimurai / http-proxy-middleware cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*
chimurai / http-proxy-middleware cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*

References