WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-9242 Vulnerability in npm package ecstatic

Description

Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

Remediation

References

https://bugs.chromium.org/p/v8/issues/detail?id=4640

https://github.com/jfhbrook/node-ecstatic/pull/179

https://nodesecurity.io/advisories/64

Related Vulnerabilities

CVE-2020-2295 Vulnerability in maven package org.jkva.maven-plugins:cascading-release-maven-plugin

CVE-2022-36076 Vulnerability in npm package nodebb

CVE-2019-17267 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2020-13973 Vulnerability in maven package com.mikesamuel:json-sanitizer

CVE-2022-45207 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Issue Tracking Third Party Advisory