Lucene search
JFROGCVE-2023-2968HistoryMay 30, 2023 - 6:15 p.m.
CVE-2023-2968
2023-05-3018:15:09
CWE-232
JFROG
web.nvd.nist.gov
32
cve-2023-2968
remote attacker
denial of service
crafted
http request
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
54.1%
A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.
Affected configurations
Node
proxy_projectproxyMatch2.0.0node.js
ORproxy_projectproxyMatch2.1.1node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| proxy_project | proxy | 2.0.0 | cpe:2.3:a:proxy_project:proxy:2.0.0:*:*:*:*:node.js:*:* |
| proxy_project | proxy | 2.1.1 | cpe:2.3:a:proxy_project:proxy:2.1.1:*:*:*:*:node.js:*:* |
CNA Affected
[
{
"collectionURL": "https://www.npmjs.com",
"packageName": "proxy",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
veracode
veracode
Denial Of Service (DoS)
2023-06-02 07:50:22
prion
prion
Code injection
2023-05-30 18:15:00
osv
osv
proxy denial of service vulnerability
2023-05-30 18:30:23
cvelist
cvelist
nvd
nvd
CVE-2023-2968
2023-05-30 18:15:09
github
github
proxy denial of service vulnerability
2023-05-30 18:30:23
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
54.1%
Related for CVE-2023-2968