Denial Of Service (DoS)

🗓️ 22 Jul 2022 05:15:55Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 32 Views

The 'FileTypeParser' function in 'core.js' is vulnerable to denial of service due to lack of input sanitization, allowing an attacker to crash the application by sending an mkv file

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2022-36313	21 Jul 202216:15	–	attackerkb
Circl	CVE-2022-36313	21 Jul 202220:18	–	circl
CNNVD	Node.js 安全漏洞	21 Jul 202200:00	–	cnnvd
CVE	CVE-2022-36313	21 Jul 202215:31	–	cve
Cvelist	CVE-2022-36313	21 Jul 202215:31	–	cvelist
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module file-type (CVE-2022-36313)	8 Nov 202211:07	–	ibm
EUVD	EUVD-2022-6377	3 Oct 202520:07	–	euvd
Github Security Blog	file-type vulnerable to Infinite Loop via malformed MKV file	22 Jul 202200:00	–	github
NVD	CVE-2022-36313	21 Jul 202216:15	–	nvd
OSV	GHSA-MHXJ-85R3-2X55 file-type vulnerable to Infinite Loop via malformed MKV file	22 Jul 202200:00	–	osv

Vulners

Node

file-type_project file-typeRange17.0.0–17.1.2js

file-type_project file-typeRange13.0.0–16.5.3js

Source	Link
github	www.github.com/sindresorhus/file-type/releases/tag/v16.5.4
github	www.github.com/sindresorhus/file-type/commit/d86835680f4cccbee1a60628783c36700ec9e254
github	www.github.com/sindresorhus/file-type/releases/tag/v17.1.3
github	www.github.com/sindresorhus/file-type/commit/2c4d1200c99dffb7d515b9b9951ef43c22bf7e47
github	www.github.com/advisories/GHSA-mhxj-85r3-2x55
security	www.security.netapp.com/advisory/ntap-20220909-0005/
npmjs	www.npmjs.com/package/file-type

27 Oct 2022 14:15Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.5

EPSS0.00171