02url-querystring-http (>=1.0.1 <=1.0.4), 1-0-5-hai-aage-dekhte-hein-kya-aat-hai (>=1.0.5 <=1.0.6) +12531 more potentially affected by CVE-2022-24434 via dicer (>=0.1.2 <=0.3.1)

dicer NPM version =0.1.2, =1.0.1, =1.0.5, =1.0.0, =1.0.0, =1.0.0, =4.11.0, =1.0.0, =3.10.1, =3.11.0 and more Source cves: CVE-2022-24434 Source advisory: OSV:GHSA-WM7H-9275-46V2...

GHSA-WM7H-9275-46V2 Crash in HeaderParser in dicer

This affects all versions of the package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. A complete denial of service can be achieved by sending the malicious form in a loop...

org.webjars.npm:busboy (>=0.2.14 <=0.3.1) potentially affected by CVE-2022-24434 via org.webjars.npm:dicer (>=0.2.5 <=0.3.0)

org.webjars.npm:dicer MAVEN version =0.2.5, =0.2.14, =0.3.1 Source cves: CVE-2022-24434 Source advisory: OSV:GHSA-WM7H-9275-46V2...

dicer 安全漏洞

dicer is a very fast streaming multipart parser for mscdex individual developers. A security vulnerability exists in dicer. A malicious attacker can send modified forms to the server and crash the nodejs service. An attacker can send the payload over and over again, thus crashing the service over...

PT-2022-3610 · Dicer · Dicer

Name of the Vulnerable Software and Affected Versions: dicer versions all Description: The issue is related to the dicer package, where a malicious attacker can send a modified form to the server, causing the Node.js service to crash. By sending the payload repeatedly, an attacker can achieve a...

02url-querystring-http (>=1.0.1 <=1.0.4), 1-0-5-hai-aage-dekhte-hein-kya-aat-hai (>=1.0.5 <=1.0.6) +12531 more potentially affected by CVE-2022-24434 via dicer (>=0.1.2 <=0.3.1)

dicer NPM version =0.1.2, =1.0.1, =1.0.5, =1.0.0, =1.0.0, =1.0.0, =4.11.0, =1.0.0, =3.10.1, =3.11.0 and more Source cves: CVE-2022-24434 Source advisory: SNYK:JS-DICER-2311764...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. PoC await...