Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
References
Configurations
No configuration.
History
21 Oct 2024, 17:10
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Oct 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-19 05:15
Updated : 2024-10-21 17:10
NVD link : CVE-2024-21536
Mitre link : CVE-2024-21536
CVE.ORG link : CVE-2024-21536
JSON object : View
Products Affected
No product.
CWE
CWE-400
Uncontrolled Resource Consumption