Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
http-proxy-middleware 安全漏洞
Vulnerability Description
http-proxy-middleware是用于 connect、express、next.js 等的 Node.js http 代理中间件。 http-proxy-middleware 2.0.7之前版本和3.0.0版本至3.0.3之前版本存在安全漏洞。攻击者利用该漏洞可以导致系统崩溃。
CVSS Information
N/A
Vulnerability Type
N/A