CVE-2015-9242

Published: May 29, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

Affected (1)

Products: Ecstatic Project: Ecstatic

Ecstatic Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ecstatic Project Ecstatic	Before 1.4.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://bugs.chromium.org/p/v8/issues/detail?id=4640

Source: support@hackerone.com

Issue TrackingThird Party Advisory

https://github.com/jfhbrook/node-ecstatic/pull/179

Source: support@hackerone.com

Issue TrackingThird Party Advisory

https://nodesecurity.io/advisories/64

Source: support@hackerone.com

Third Party Advisory

https://bugs.chromium.org/p/v8/issues/detail?id=4640

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/jfhbrook/node-ecstatic/pull/179

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://nodesecurity.io/advisories/64

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.