1135 matches found
USN-7084-2: pip vulnerability
USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use...
Denial Of Service (DoS)
http-proxy-middleware is vulnerable to Denial of Service DoS. The vulnerability is due to an unhandled promise rejection error caused by micromatch, which can allow an attacker to crash the server by making requests to certain paths...
CVE-2024-21536
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service DoS due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain path...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +31091 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=0.10.0 <=2.0.6)
http-proxy-middleware NPM version =0.10.0, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic...
GHSA-C7QV-Q95Q-8V27 Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
@amazeelabs/publisher (>=2.4.28 <=2.5.8), @angular-devkit/build-angular (>=18.0.0 <=19.0.0-next.9) +60 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=3.0.0 <=3.0.2)
http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =3.11.0-beta.6, =1.1.0, =0.0.26, =0.0.26, =8.0.0, =9.0.0-canary.203 and more Source cves: CVE-2024-21536 Source advisor...
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
CVE-2024-21536 affects http-proxy-middleware: versions before 2.0.7, and 3.0.0–before 3.0.3, are vulnerable to DoS due to an unhandled rejection in micromatch that can crash a Node.js server. The fix is in 2.0.7 (and 3.x later 3.0.3). Remediate by upgrading to a version containing the fix (e.g., ...
@amazeelabs/publisher (>=2.4.28 <=2.5.8), @angular-devkit/build-angular (>=18.0.0 <=19.0.0-next.9) +60 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=3.0.0 <=3.0.2)
http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =3.11.0-beta.6, =1.1.0, =0.0.26, =0.0.26, =8.0.0, =9.0.0-canary.203 and more Source cves: CVE-2024-21536 Source advisor...
@alfresco/adf-testing (=6.0.0-A.2-8258), @aller/svelte-components (>=1.5.1 <=1.5.17) +207 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=2.0.0 <=2.0.6)
http-proxy-middleware NPM version =2.0.0, =1.5.1, =2.0.0, =17.0.0, =9.3.0, =2.3.1, =1.92.0, =1.0.1, =1.0.10, =1015.132.0, =0.0.1, =1.2.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-21536 Source advisory: SNYK:JS-HTTPPROXYMIDDLEWARE-8229906...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. PoC 1 Run a server like this: js const express =...
PT-2024-18950 · Unknown +1 · Http-Proxy-Middleware +2
Content removed...
CVE-2024-20490
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
CVE-2024-20490
The CVE-2024-20490 issue affects Cisco Nexus Dashboard Fabric Controller (NDFC) and Nexus Dashboard Orchestrator (NDO). Root cause: HTTP proxy credentials can be recorded in internal logs stored in tech support files, exposing admin credentials in clear text when those files are accessed. Impact:...