Home > Vulnerability Database > WS-2019-0271

Mend.io Vulnerability Database

WS-2019-0271

Good to know:

Date: September 13, 2019

subtext in all versions is vulnerable to Denial of Service. This is caused by the fact that the package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. Which allows attackers to send requests with arbitrary payload sizes. This may exhaust the system's resources leading to Denial of Service.

Language: JS

Severity Score

7.5

Related Resources (3)

Url: https://github.com/hapijs/subtext/commit/1e2aed64b7154e1786d866a3b5bdd4f36e9f492d

Url: https://github.com/hapijs/subtext/issues/72

Url: https://www.mend.io/vulnerability-database/WS-2019-0271

Severity Score

7.5

Weakness Type (CWE)

Configuration

CWE-16

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2019-0271

Good to know:

Date: September 13, 2019

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?