WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-9242 Vulnerability in npm package ecstatic

Description

Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

Remediation

References

https://bugs.chromium.org/p/v8/issues/detail?id=4640

https://github.com/jfhbrook/node-ecstatic/pull/179

https://nodesecurity.io/advisories/64

Related Vulnerabilities

CVE-2020-24164 Vulnerability in maven package com.taoensso:nippy

CVE-2020-36732 Vulnerability in maven package org.webjars.bowergithub.brix:crypto-js

CVE-2020-10688 Vulnerability in maven package org.jboss.resteasy:resteasy-core

CVE-2022-29577 Vulnerability in maven package org.owasp:antisamy

CVE-2020-26938 Vulnerability in npm package oauth2-server

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Issue Tracking Third Party Advisory