PT-2023-12132 · Suchmokuo · Node-Worker-Threads-Pool

Exx8O · Published 2023-08-11 · Updated 2023-08-21 · CVE-2021-29057

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SUCHMOKUO node-worker-threads-pool version 1.4.3

Description

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool, allowing attackers to cause a denial of service. This issue can be mitigated by manually creating a timeout.

Recommendations

For version 1.4.3, consider creating a timeout when using the StaticPool to mitigate the risk of denial of service, for example by using the setTimeout method on the executor, as shown in the provided example code.

Exploit

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-29057
GHSA-7VXC-Q7RV-QFJ8

Affected Products

Node-Worker-Threads-Pool