Crash in HeaderParser in dicer #83

Closed
1 of 4 tasks
TheKingTermux opened this issue Jun 23, 2022 · 0 comments · Fixed by #439
Labels
Auto Create Issues Label for Auto Created Issues High This label for Security Severity only Security Label for Security Issues Solved Label for solved issues / Pr
Owner

TheKingTermux commented Jun 23, 2022

Description

This affects all versions of the package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. A complete denial of service can be achieved by sending the malicious form in a loop.

Severity

  • Low
  • Moderate
  • High
  • Critical

7.5 / 10

CVSS base metrics

  • Attack vector
    Network

  • Attack complexity
    Low

  • Privileges required
    None

  • User interaction
    None

  • Scope
    Unchanged

  • Confidentiality
    None

  • Integrity
    None

  • Availability
    High

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  • Weaknesses
    CWE-248

  • CVE ID
    CVE-2022-24434

  • GHSA ID
    GHSA-wm7h-9275-46v2

Information

  • Package
    dicer (npm)
  • Affected versions
    <= 0.3.1
  • Patched version
    None

References

@TheKingTermux TheKingTermux added Security Label for Security Issues Auto Create Issues Label for Auto Created Issues labels Aug 15, 2022
@TheKingTermux TheKingTermux added this to the Alice 1.0.6 milestone Sep 21, 2022
@github-actions github-actions bot added no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days and removed no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days labels Nov 21, 2022
@TheKingTermux TheKingTermux added the do-not-autoclose Make bot can't close an Issues or PRs label Jan 5, 2023
@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 6, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 14, 2023
@TheKingTermux TheKingTermux reopened this Mar 14, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 14, 2023
Repository owner deleted a comment from github-actions bot Mar 17, 2023
Repository owner deleted a comment from github-actions bot Mar 17, 2023
@TheKingTermux TheKingTermux added the High This label for Security Severity only label May 9, 2023
@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 10, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 17, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 17, 2023
@TheKingTermux TheKingTermux reopened this Jul 17, 2023
@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 17, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 25, 2023
@TheKingTermux TheKingTermux reopened this Sep 25, 2023
@github-actions github-actions bot removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 26, 2023
@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 26, 2023
Repository owner deleted a comment from github-actions bot Nov 29, 2023
Repository owner deleted a comment from github-actions bot Nov 29, 2023
Repository owner deleted a comment from github-actions bot Nov 29, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 29, 2023
@TheKingTermux TheKingTermux added Solved Label for solved issues / Pr and removed do-not-autoclose Make bot can't close an Issues or PRs labels Nov 30, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 3, 2023
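
A defender's follow-up to the advisory above, as an added example (not code from the issue or from the dicer project): because the advisory lists every version as affected and no patched version, the practical check is finding each installed copy of dicer and the dependency that pulls it in. The lockfile content and the package names `demo-app`, `upload-middleware` and `form-parser` are constructed placeholders.

```javascript
// Added example, not from the dicer project or the issue author.
const TARGET = 'dicer'; // package named in the advisory; all versions are affected

// lockfileVersion 1: walk the nested "dependencies" tree.
function walkV1(deps, trail, out) {
  for (const [name, meta] of Object.entries(deps)) {
    const here = trail.concat(name);
    if (name === TARGET) out.copies.push({ path: here.join(' > '), version: meta.version });
    if (meta.requires && TARGET in meta.requires) out.requiredBy.push(name);
    walkV1(meta.dependencies || {}, here, out);
  }
}

// Returns { copies: [{ path, version }], requiredBy: [package names] }.
function findDicer(lock) {
  const out = { copies: [], requiredBy: [] };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ('' is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path.split('node_modules/').pop();
      if (name === TARGET) out.copies.push({ path, version: meta.version });
      if (meta.dependencies && TARGET in meta.dependencies) {
        out.requiredBy.push(name || '(root project)');
      }
    }
  } else {
    walkV1(lock.dependencies || {}, [], out);
  }
  return out;
}

// Constructed sample lockfile (v3 layout); names and versions are illustrative.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'upload-middleware': '^1.0.0' } },
    'node_modules/upload-middleware': { version: '1.0.0', dependencies: { 'form-parser': '^0.2.0' } },
    'node_modules/form-parser': { version: '0.2.14', dependencies: { dicer: '0.2.5' } },
    'node_modules/dicer': { version: '0.2.5' },
  },
};

const report = findDicer(SAMPLE_LOCK);
for (const c of report.copies) console.log(`affected: ${TARGET}@${c.version} at ${c.path}`);
console.log('pulled in by:', report.requiredBy.join(', ') || '(none)');
```

In a real project, pass the parsed contents of `package-lock.json` to `findDicer`; the packages listed in `requiredBy` are the ones to upgrade or replace.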