You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.
CVE-2022-24434 - High Severity Vulnerability
Vulnerable Library - dicer-0.3.0.tgz
A very fast streaming multipart parser for node.js
Library home page: https://registry.npmjs.org/dicer/-/dicer-0.3.0.tgz
Path to dependency file: /GraphqlType-API-Registration/package.json
Path to vulnerable library: /node_modules/dicer/package.json
Dependency Hierarchy:
Found in HEAD commit: ddbf6735cb305c07ce82a0faefa069bd89b7581f
Found in base branch: master
Vulnerability Details
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.
Publish Date: 2022-05-20
URL: CVE-2022-24434
CVSS 3 Score Details (7.5)
Base Score Metrics:
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: