WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-9242 Vulnerability in npm package ecstatic

Description

Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

Remediation

References

https://bugs.chromium.org/p/v8/issues/detail?id=4640

https://github.com/jfhbrook/node-ecstatic/pull/179

https://nodesecurity.io/advisories/64

Related Vulnerabilities

CVE-2021-32620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2020-4075 Vulnerability in maven package org.webjars.npm:electron

CVE-2018-1000830 Vulnerability in maven package com.github.goxr3plus:xr3player

CVE-2018-20676 Vulnerability in npm package bootstrap

CVE-2021-27807 Vulnerability in maven package org.apache.pdfbox:pdfbox

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Issue Tracking Third Party Advisory