VYPR
High severityNVD Advisory· Published Oct 19, 2024· Updated Oct 21, 2024

CVE-2024-21536

CVE-2024-21536

Description

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
http-proxy-middlewarenpm
< 2.0.72.0.7
http-proxy-middlewarenpm
>= 3.0.0, < 3.0.33.0.3

Affected products

42

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.