GHSA-3HJG-VC7R-RCRW Denial of Service vulnerability in @podium/layout and @podium/proxy

Impact An attacker using the Trailer header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. Patches @podium/layout which is the main way developers/users are vulnerable to this...

@podium/layout (>=2.5.1 <=5.0.0-next.1), @podium/podlet (>=3.0.0 <=5.0.0-next.1) +1 more potentially affected by CVE-2022-24822 via @podium/proxy (>=2.4.4 <=4.2.73)

@podium/proxy NPM version =2.4.4, =2.5.1, =3.0.0, =1.0.0, =2.4.1 Source cves: CVE-2022-24822 Source advisory: OSV:GHSA-3HJG-VC7R-RCRW...

Design/Logic Flaw

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

CVE-2022-24822 Denial of Service in @podium/layout and @podium/proxy

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

Finn.no Podium 安全漏洞

Finn.no Podium is a library for building micro front ends from Finn.no Norway. A security vulnerability in Finn.no Podium layout prior to 4.6.110 and Podium proxy prior to 4.2.74 allows an attacker to shut down a server using the Trailer header as part of a request to the proxy endpoint...