High severityNVD Advisory· Published Jul 21, 2022· Updated Aug 3, 2024
CVE-2022-36313
CVE-2022-36313
Description
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
file-typenpm | >= 13.0.0, < 16.5.4 | 16.5.4 |
file-typenpm | >= 17.0.0, < 17.1.3 | 17.1.3 |
Affected products
2- Node.js/file-typedescription
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-mhxj-85r3-2x55ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-36313ghsaADVISORY
- github.com/sindresorhus/file-type/commit/2c4d1200c99dffb7d515b9b9951ef43c22bf7e47ghsaWEB
- github.com/sindresorhus/file-type/commit/8f981c32e2750d2516457e305e502ee2ad715759ghsaWEB
- github.com/sindresorhus/file-type/commit/d86835680f4cccbee1a60628783c36700ec9e254ghsaWEB
- github.com/sindresorhus/file-type/compare/v12.4.2...v13.0.0ghsaWEB
- github.com/sindresorhus/file-type/releases/tag/v16.5.4ghsax_refsource_CONFIRMWEB
- github.com/sindresorhus/file-type/releases/tag/v17.1.3ghsax_refsource_CONFIRMWEB
- security.netapp.com/advisory/ntap-20220909-0005ghsaWEB
- security.netapp.com/advisory/ntap-20220909-0005/mitrex_refsource_CONFIRM
- security.snyk.io/vuln/SNYK-JS-FILETYPE-2958042ghsaWEB
- www.npmjs.com/package/file-typeghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.