52 matches found
@amazeelabs/publisher (>=2.4.28 <=2.5.8), @angular-devkit/build-angular (>=18.0.0 <=19.0.0-next.9) +60 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=3.0.0 <=3.0.2)
http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =3.11.0-beta.6, =1.1.0, =0.0.26, =0.0.26, =8.0.0, =9.0.0-canary.203 and more Source cves: CVE-2024-21536 Source advisor...
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
CVE-2024-21536 affects http-proxy-middleware: versions before 2.0.7, and 3.0.0–before 3.0.3, are vulnerable to DoS due to an unhandled rejection in micromatch that can crash a Node.js server. The fix is in 2.0.7 (and 3.x later 3.0.3). Remediate by upgrading to a version containing the fix (e.g., ...
@amazeelabs/publisher (>=2.4.28 <=2.5.8), @angular-devkit/build-angular (>=18.0.0 <=19.0.0-next.9) +60 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=3.0.0 <=3.0.2)
http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =3.11.0-beta.6, =1.1.0, =0.0.26, =0.0.26, =8.0.0, =9.0.0-canary.203 and more Source cves: CVE-2024-21536 Source advisor...
@alfresco/adf-testing (=6.0.0-A.2-8258), @aller/svelte-components (>=1.5.1 <=1.5.17) +207 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=2.0.0 <=2.0.6)
http-proxy-middleware NPM version =2.0.0, =1.5.1, =2.0.0, =17.0.0, =9.3.0, =2.3.1, =1.92.0, =1.0.1, =1.0.10, =1015.132.0, =0.0.1, =1.2.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-21536 Source advisory: SNYK:JS-HTTPPROXYMIDDLEWARE-8229906...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. PoC 1 Run a server like this: js const express =...
PT-2024-18950 · Unknown +1 · Http-Proxy-Middleware +2
Content removed...
MAL-2024-1164 Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...