3 matches found
3rr (>=0.0.1 <=0.0.2), @apatheticwes/trigger (>=0.1.0 <=0.2.0) +561 more potentially affected by CVE-2019-10775 via ecstatic (>=0.1.6 <=2.1.0)
ecstatic NPM version =0.1.6, =0.0.1, =0.1.0, =3.0.0-beta.45, =1.0.0, =0.2.3, =0.2.1, =1.0.0, =0.1.1, =0.0.1, =1.0.0, =2.1.1 and more Source cves: CVE-2019-10775 Source advisory: OSV:GHSA-9Q64-MPXX-87FG...
Denial of Service (DoS)
Overview ecstatic is a simple static file server middleware. Use it with a raw http server, express/connect or on the CLI. Affected versions of this package are vulnerable to Denial of Service DoS. It is possible to crash a server using the package due to the way URL params parsing is handled...
ecstatic npm package denial of service vulnerability
ecstatic npm package is a static file server middleware. A denial of service vulnerability exists in the lib/ecstatic.js file in versions of ecstatic npm package prior to 2.0.0. A remote attacker can exploit this vulnerability to cause a denial of service overload and crash by passing a malicious...