Vulnerabilities > CVE-2022-24434 - Unspecified vulnerability in Dicer Project Dicer

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

dicer-project

NVD

Published: 2022-05-20

Updated: 2022-06-07

Summary

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.

Vulnerable Configurations

Part	Description	Count
Application	Dicer_Project Dicer Project Dicer *	1

References

https://snyk.io/vuln/SNYK-JS-DICER-2311764
https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
https://github.com/mscdex/dicer/pull/22
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
https://github.com/mscdex/busboy/issues/250