We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-21536



Description

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

Reserved 2023-12-22 | Published 2024-10-19 | Updated 2024-10-21 | Assigner snyk


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

Problem types

Denial of Service (DoS)

Credits

Marc Hassan

References

security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906

gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a

github.com/...ommit/788b21e4aff38332d6319557d4a5b1b13b1f9a22

github.com/...ommit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5

cve.org (CVE-2024-21536)

nvd.nist.gov (CVE-2024-21536)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-21536

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.