npm package
ecstatic
pkg:npm/ecstatic
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10775 | — | < 4.1.3 | 4.1.3 | Jan 2, 2020 | ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application. | ||
| CVE-2015-9242 | Hig | 7.5 | < 1.4.0 | 1.4.0 | May 29, 2018 | Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header. | |
| CVE-2016-10703 | Hig | 7.5 | < 2.0.0 | 2.0.0 | Dec 14, 2017 | A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string. |
- CVE-2019-10775Jan 2, 2020affected < 4.1.3fixed 4.1.3
ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application.
- affected < 1.4.0fixed 1.4.0
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.
- affected < 2.0.0fixed 2.0.0
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.