Vulnerabilities > CVE-2022-24434 - Unspecified vulnerability in Dicer Project Dicer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://github.com/mscdex/busboy/issues/250
- https://github.com/mscdex/busboy/issues/250
- https://github.com/mscdex/dicer/pull/22
- https://github.com/mscdex/dicer/pull/22
- https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
- https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
- https://snyk.io/vuln/SNYK-JS-DICER-2311764