Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception due to an error event thrown by busboy. An attacker can cause a full nodejs application to crash by sending a specially crafted multi-part upload request. PoC javascript const express = require'express' const multer =...

org.webjars.npm:busboy (>=0.2.14 <=0.3.1) potentially affected by CVE-2022-24434 via org.webjars.npm:dicer (>=0.2.5 <=0.3.0)

org.webjars.npm:dicer MAVEN version =0.2.5, =0.2.14, =0.3.1 Source cves: CVE-2022-24434 Source advisory: OSV:GHSA-WM7H-9275-46V2...

Node.js: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests

Summary: Node.js is vulnerable to HTTP denial of service DOS attacks based on delayed requests submission which can make the server unable to accept new connections. Description: An attacker can open an arbitrary number of HTTP connections and keep the server busy by never completing the request...

Node.js third-party modules: Prototype pollution in multipart parsing

I would like to report a prototype pollution attack in fastify-multipart it allows to crash a remote server parsing multipart requests by sending a specially crafted request. Module module name: fastify-multipart version: all versions before Detailed steps to reproduce with all required...