CVE-2024-21536

CVSS V2 None CVSS V3 None

Description

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

Overview

CVE ID
CVE-2024-21536

Assigner
snyk

Vulnerability Status
PUBLISHED

Published Version
2024-10-19T05:00:04.056Z

Last Modified Date
2024-10-19T05:00:04.056Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

References

Reference URL	Reference Tags
https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906
https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a
https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22
https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-21536
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21536

History

Created	Old Value	New Value	Data Type	Notes
2024-10-19 13:26:31				Added to TrackCVE