What is CVE-2024-21536?

CVE-2024-21536 is a high-severity vulnerability in Chimurai Http-proxy-middleware, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2024-10-19.

How severe is CVE-2024-21536?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2024-21536 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Chimurai Http-proxy-middleware

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process an…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.010 (58.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Chimurai Http-proxy-middleware
N/a Http-proxy-middleware — versions 0, 3.0.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

report@snyk.io (Third Party Advisory)
report@snyk.io (Exploit, Third Party Advisory)
report@snyk.io (Patch)
report@snyk.io (Patch)

Frequently asked questions

What is CVE-2024-21536?: CVE-2024-21536 is a high-severity vulnerability in Chimurai Http-proxy-middleware, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2024-10-19.
How severe is CVE-2024-21536?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2024-21536 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.