Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2020-0091

Good to know:

icon
icon

Date: May 14, 2020

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.

Language: Java

Severity Score

Related Resources (3)

https://github.com/http-party/node-http-proxy/pull/1447
https://www.mend.io/vulnerability-database/WS-2020-0091
https://www.mend.io/resources/blog/june-2020-open-source-security-vulnerabilities-snapshot

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

icon

Upgrade Version

Upgrade to version postboxcms/postbox - dev-dependabot/npm_and_yarn/browserslist-4.16.6;postboxcms/postbox - dev-dependabot/npm_and_yarn/url-parse-1.5.10;postboxcms/postbox - dev-sanketraut-patch-1;postboxcms/postbox - dev-package/dbo;postboxcms/postbox - dev-feature/ISSUE-39;postboxcms/postbox - dev-dependabot/npm_and_yarn/ws-6.2.2;NorDroN.AngularTemplate - 0.1.6;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/path-parse-1.0.7;scancode/portal-module - v1.0.12;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/decode-uri-component-0.2.2;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;dotnetng.template - 1.0.0.4;moxie-dom - 0.1.1-alpha.0;mpcmf/mpcmf-web-app - 1.0.0.x-dev;mpcmf/mpcmf-web-app - no_fix;zymawy/ironside-core - dev-utils;Sheelersoft.AngularTemplate - no_fix;horizon/description - no_fix;horizon/description - dev-dependabot/npm_and_yarn/axios-0.21.1;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-update-angularjs;http-proxy - 1.18.1;jsdom - 11.11.0;GR.PageRender.Razor - 1.8.0;devsfort/fortblog - no_fix;novum/innovation-app-core - dev-temp-commit;KarmaNodeModules - no_fix;pwptemplatepusintek - no_fix;rotary/rotary_bs4 - no_fix;mayronalves/laravel-core - dev-dependabot/composer/symfony/mime-4.4.1;miljoen/nova-autofill - no_fix;miljoen/nova-autofill - v1.0.0;PWPTemplateCMS - no_fix;Fable.Template.Elmish.React - 0.1.6;Sheeler.AngularTemplate - no_fix;gheb/nn - dev-master;VueJS.NetCore - 1.1.1;MIDIator.WebClient - 1.0.105;mahlamusa/material-php - 1.0.0;bizprove/canvas - v1.0;efecanaltay/hello-world - no_fix;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;nolimits4web/framework7-icons - v3.0.1;code-server - 3.5.0;rustimate-client - no_fix;spyder-terminal - 0.4.0;mmi/mmi-cms - 2.3.1;configurable-http-proxy - 4.2.3;aimensasi/inquiry-module - no_fix;trezebits/trezevel-gallery - no_fix;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;org.webjars.npm:http-proxy:1.18.1;org.webjars:browser-sync:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us