DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-21536

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-21536

CGA ID

CGA-2fx5-9fp8-79mf

Severity

7.5

High

CVSS V3

Description

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images