CVE-2016-10703

Published: Dec 14, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

Affected (1)

Products: Ecstatic Project: Ecstatic

Ecstatic Project

1 product

Ecstatic

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ecstatic Project Ecstatic	Before 2.0.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://advisory.checkmarx.net/advisory/CX-2016-4450

Source: cve@mitre.org

https://github.com/jfhbrook/node-ecstatic/commit/71ce93988ead4b561a8592168c72143907189f01

Source: cve@mitre.org

Issue TrackingPatch

https://www.checkmarx.com/advisories/denial-of-service-dos-vulnerability-in-ecstatic-npm-package/

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://advisory.checkmarx.net/advisory/CX-2016-4450

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/jfhbrook/node-ecstatic/commit/71ce93988ead4b561a8592168c72143907189f01

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://www.checkmarx.com/advisories/denial-of-service-dos-vulnerability-in-ecstatic-npm-package/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.