Description
A remote attacker can trigger a denial of service through the socket.remoteAddress variable by sending a crafted HTTP request. The variable is used while it is undefined, which raises a TypeError exception.
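
The failure mode described above and a guard against it, as an added Node.js example that is not code from the affected package. The handler names, the X-Forwarded-For use and the sample sockets are hypothetical.

```javascript
// Added example (not the affected package's code). Handler names and the
// sample sockets are hypothetical and constructed for illustration.

// Node.js documents that socket.remoteAddress may be undefined once the
// socket is destroyed, for example when the client has already disconnected.

// Unsafe pattern: calls a string method on remoteAddress without checking it.
function forwardedForUnsafe(socket, headers) {
  const prior = headers['x-forwarded-for'];
  const addr = socket.remoteAddress.replace(/^::ffff:/, ''); // TypeError if undefined
  return prior ? `${prior}, ${addr}` : addr;
}

// Hardened pattern: treat a missing address as a closed connection and
// return null so the caller can drop the request instead of crashing.
function forwardedForSafe(socket, headers) {
  const raw = socket && socket.remoteAddress;
  if (typeof raw !== 'string' || raw.length === 0) return null;
  const prior = headers['x-forwarded-for'];
  const addr = raw.replace(/^::ffff:/, '');
  return prior ? `${prior}, ${addr}` : addr;
}

// Runs a handler and reports whether it threw, mimicking what an uncaught
// exception inside a request listener would do to the process.
function outcome(handler, socket, headers) {
  try {
    return { crashed: false, value: handler(socket, headers) };
  } catch (err) {
    return { crashed: true, error: err.constructor.name };
  }
}

// Constructed sample sockets: one live, one already torn down.
const liveSocket = { remoteAddress: '::ffff:192.0.2.10' };
const deadSocket = { remoteAddress: undefined };

console.log(outcome(forwardedForUnsafe, liveSocket, {}));
console.log(outcome(forwardedForUnsafe, deadSocket, {}));
console.log(outcome(forwardedForSafe, deadSocket, {}));
console.log(outcome(forwardedForSafe, liveSocket, { 'x-forwarded-for': '198.51.100.7' }));
```

In a real server the unsafe variant's exception would propagate out of the request listener; unless something catches it, the process exits, which is the denial of service.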
Remediation
References
https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917