High severity · NVD Advisory · Published May 20, 2022 · Updated Sep 16, 2024
Denial of Service (DoS)
CVE-2022-24434
Description
This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. An attacker could send the payload again and again so that the service continuously crashes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| dicer (npm) | <= 0.3.1 | — |
| org.webjars.npm:dicer (Maven) | <= 0.3.0 | — |
Affected products
- dicer/dicer (description)
- ghsa-coords: 2 versions (<= 0.3.0, + 1 more)
- (no CPE) range: <= 0.3.0
- (no CPE) range: <= 0.3.1
References
- github.com/advisories/GHSA-wm7h-9275-46v2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-24434 (ghsa, ADVISORY)
- github.com/mscdex/busboy/issues/250 (ghsa, x_refsource_MISC, WEB)
- github.com/mscdex/dicer/commit/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac (ghsa, WEB)
- github.com/mscdex/dicer/pull/22 (ghsa, x_refsource_MISC, WEB)
- github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac (mitre, x_refsource_MISC)
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865 (ghsa, x_refsource_MISC, WEB)
- snyk.io/vuln/SNYK-JS-DICER-2311764 (ghsa, x_refsource_MISC, WEB)