CVE-2022-24434

Published: 20/05/2022 Updated: 07/06/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dicer project dicer

Steps Setup Signup for an Azure Subscription Create the Service Principal for use with Terraform Add the SP as a contributor to the subscription update the template envps1 file with ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET and run the script Download terraform and configure the binary into the PATH variable cd infra and then run terraform init run

NVD-CWE-noinfo https://snyk.io/vuln/SNYK-JS-DICER-2311764 https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac https://github.com/mscdex/dicer/pull/22 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865 https://github.com/mscdex/busboy/issues/250 https://nvd.nist.gov https://github.com/sebcoles/waf_rule_testing_example

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-24434

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect