GHSA-xgp2-cc4r-7vf6 – http-live-simulator

Package

Manager: npm
Name: http-live-simulator
Vulnerable Version: >=0 <1.0.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Denial of Service in http-live-simulator Versions of `http-live-simulator` prior to 1.0.8 are vulnerable to Denial of Service. The package fails to catch an exception that causes the Node process to crash, effectively shutting down the server. This allows an attacker to send an HTTP request that crashes the server. ## Recommendation Upgrade to version 1.0.8 or later.

Metadata

Created: 2020-09-03T20:44:21Z
Modified: 2020-08-31T18:50:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-xgp2-cc4r-7vf6/GHSA-xgp2-cc4r-7vf6.json
CWE IDs: []
Alternative ID: N/A
Finding: F002
Auto approve: 1