Vulnerability Details CVE-2022-24434
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/mscdex/busboy/issues/250
- https://github.com/mscdex/dicer/pull/22
- https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
- https://github.com/mscdex/busboy/issues/250
- https://github.com/mscdex/dicer/pull/22
- https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
Products affected by CVE-2022-24434
-
cpe:2.3:a:dicer_project:dicer:-
-
cpe:2.3:a:dicer_project:dicer:0.0.1
-
cpe:2.3:a:dicer_project:dicer:0.0.2
-
cpe:2.3:a:dicer_project:dicer:0.0.3
-
cpe:2.3:a:dicer_project:dicer:0.0.4
-
cpe:2.3:a:dicer_project:dicer:0.0.5
-
cpe:2.3:a:dicer_project:dicer:0.1.0
-
cpe:2.3:a:dicer_project:dicer:0.1.1
-
cpe:2.3:a:dicer_project:dicer:0.1.2
-
cpe:2.3:a:dicer_project:dicer:0.1.3
-
cpe:2.3:a:dicer_project:dicer:0.1.4
-
cpe:2.3:a:dicer_project:dicer:0.1.5
-
cpe:2.3:a:dicer_project:dicer:0.1.6
-
cpe:2.3:a:dicer_project:dicer:0.2.0
-
cpe:2.3:a:dicer_project:dicer:0.2.1
-
cpe:2.3:a:dicer_project:dicer:0.2.2
-
cpe:2.3:a:dicer_project:dicer:0.2.3
-
cpe:2.3:a:dicer_project:dicer:0.2.4
-
cpe:2.3:a:dicer_project:dicer:0.2.5
-
cpe:2.3:a:dicer_project:dicer:0.3.0
-
cpe:2.3:a:dicer_project:dicer:0.3.1