PT-2017-7918 · Ecstatic · Ecstatic

Published: 2017-12-14 · Updated: 2021-03-30 · CVE-2016-10703

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ecstatic versions prior to 2.0.0
Description: A denial-of-service issue exists due to a regular expression denial of service (ReDoS) vulnerability in the file lib/ecstatic.js. A remote attacker can overload and crash a server by passing a maliciously crafted string, specifically a payload containing a large number of null bytes (%00), which can cause the server to run out of memory. The impact scales with payload size: larger payloads cause increasing lag or even server crashes.
Recommendations: Update to version 2.0.0 or later. As a temporary workaround, consider restricting access to the ecstatic middleware to minimize the risk of exploitation. Until the issue is resolved, avoid passing payloads with a large number of null bytes (%00) to the affected API endpoint.
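As an added example that is not part of this advisory or of the ecstatic project, the following Node.js guard illustrates the "restrict access" workaround above: mounted in front of the ecstatic middleware, it rejects requests whose raw URL contains encoded or literal null bytes, or exceeds a length cap, before the static handler's path handling ever sees them. The function names, the limit value and the sample URLs are assumptions constructed for the example.

```javascript
// Added example (not ecstatic's own code). A Connect/Express-style guard that
// runs ahead of the static-file middleware and rejects the null-byte payloads
// the advisory describes. MAX_PATH_LENGTH, countNullBytes, shouldReject and
// rejectNullBytes are assumed names, not part of ecstatic.

const MAX_PATH_LENGTH = 2048; // assumed cap on the raw request URL length

// Count percent-encoded (%00) and literal NUL characters in the raw URL.
function countNullBytes(rawUrl) {
  if (typeof rawUrl !== 'string') return 0;
  const encoded = (rawUrl.match(/%00/gi) || []).length;
  const literal = (rawUrl.match(/\u0000/g) || []).length;
  return encoded + literal;
}

// Decision function kept separate from the middleware so it can be tested.
function shouldReject(rawUrl) {
  if (typeof rawUrl !== 'string') return { reject: true, reason: 'missing url' };
  if (rawUrl.length > MAX_PATH_LENGTH) return { reject: true, reason: 'url too long' };
  if (countNullBytes(rawUrl) > 0) return { reject: true, reason: 'null byte in url' };
  return { reject: false, reason: '' };
}

// Middleware factory: app.use(rejectNullBytes()) before app.use(ecstatic(...)).
function rejectNullBytes() {
  return function (req, res, next) {
    const verdict = shouldReject(req.url);
    if (verdict.reject) {
      // Log the reason and source for detection tuning; do not echo the payload.
      const from = req.socket && req.socket.remoteAddress ? req.socket.remoteAddress : 'unknown';
      console.warn(`blocked request: ${verdict.reason} from ${from}`);
      res.statusCode = 400;
      res.setHeader('Content-Type', 'text/plain');
      res.end('Bad Request');
      return;
    }
    next();
  };
}

// Constructed sample request paths for a quick self-check when run directly.
const sampleUrls = [
  '/index.html',
  '/index.html%00%00%00%00',
  '/' + '%00'.repeat(500),
  '/' + 'a'.repeat(3000),
];
for (const url of sampleUrls) {
  const v = shouldReject(url);
  console.log(`${url.slice(0, 32)}... -> ${v.reject ? 'REJECT (' + v.reason + ')' : 'pass'}`);
}
```

The guard inspects `req.url` before any decoding, so a request is rejected whether the NUL arrives percent-encoded or raw; the length cap is a second, independent bound that limits how much input any downstream regex can be handed.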

Exploit

Fix

Resource Exhaustion

RCE


Weakness Enumeration

Related identifiers

CVE-2016-10703
GHSA-PM9P-9926-W68M

Affected products

Ecstatic