1138 matches found
Malicious code in n-http-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13801d43d60af89b56b44fb645f8cd6e571abf340332c2d4031b29aab946043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10989 Malicious code in n-http-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13801d43d60af89b56b44fb645f8cd6e571abf340332c2d4031b29aab946043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2024-49502
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
USN-7084-2: pip vulnerability
USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use...
Denial Of Service (DoS)
http-proxy-middleware is vulnerable to Denial of Service DoS. The vulnerability is due to an unhandled promise rejection error caused by micromatch, which can allow an attacker to crash the server by making requests to certain paths...
CVE-2024-21536
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service DoS due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain path...
GHSA-C7QV-Q95Q-8V27 Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +31091 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=0.10.0 <=2.0.6)
http-proxy-middleware NPM version =0.10.0, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic...
@amazeelabs/publisher (>=2.4.28 <=2.5.8), @angular-devkit/build-angular (>=18.0.0 <=19.0.0-next.9) +60 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=3.0.0 <=3.0.2)
http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =3.11.0-beta.6, =1.1.0, =0.0.26, =0.0.26, =8.0.0, =9.0.0-canary.203 and more Source cves: CVE-2024-21536 Source advisor...
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...
CVE-2024-21536
CVE-2024-21536 affects http-proxy-middleware: versions before 2.0.7, and 3.0.0–before 3.0.3, are vulnerable to DoS due to an unhandled rejection in micromatch that can crash a Node.js server. The fix is in 2.0.7 (and 3.x later 3.0.3). Remediate by upgrading to a version containing the fix (e.g., ...
@amazeelabs/publisher (>=2.4.28 <=2.5.8), @angular-devkit/build-angular (>=18.0.0 <=19.0.0-next.9) +60 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=3.0.0 <=3.0.2)
http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =3.11.0-beta.6, =1.1.0, =0.0.26, =0.0.26, =8.0.0, =9.0.0-canary.203 and more Source cves: CVE-2024-21536 Source advisor...
@alfresco/adf-testing (=6.0.0-A.2-8258), @aller/svelte-components (>=1.5.1 <=1.5.17) +207 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=2.0.0 <=2.0.6)
http-proxy-middleware NPM version =2.0.0, =1.5.1, =2.0.0, =17.0.0, =9.3.0, =2.3.1, =1.92.0, =1.0.1, =1.0.10, =1015.132.0, =0.0.1, =1.2.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-21536 Source advisory: SNYK:JS-HTTPPROXYMIDDLEWARE-8229906...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. PoC 1 Run a server like this: js const express =...
PT-2024-18950 · Unknown +1 · Http-Proxy-Middleware +2
Content removed...
CVE-2024-20490
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...