PT-2018-4555 · Node.Js · Ecstatic

Ghost · Published 2018-05-29 · Updated 2019-10-09 · CVE-2015-9242

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

ecstatic versions prior to 1.4.0

Description

In the ecstatic node module, certain input strings passed to new Date() or Date.parse() cause v8 to raise an exception, which crashes the server and results in a denial of service. The input reaches the server via the "If-Modified-Since" header or the "Last-Modified" header.

Recommendations

Update to version 1.4.0 or later.
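Where an application parses these date headers itself, the same class of crash can be contained by validating the value before it reaches the date parser and by catching any exception the parser raises. The sketch below is an added example, not ecstatic's code or its 1.4.0 fix; the names `parseHttpDate`, `isNotModified` and `MAX_HTTP_DATE_LENGTH` are hypothetical, and the length bound is an assumed value.

```javascript
// Added example: defensive handling of HTTP date headers (hypothetical helpers).

// Assumption: a generous upper bound; a well-formed IMF-fixdate is 29 characters.
const MAX_HTTP_DATE_LENGTH = 64;

// IMF-fixdate as defined for HTTP, e.g. "Sun, 06 Nov 1994 08:49:37 GMT".
const IMF_FIXDATE =
  /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT$/;

// Returns epoch milliseconds, or null for anything that is not a clean HTTP date.
function parseHttpDate(value) {
  // Reject missing, non-string and oversized values before any parsing happens.
  if (typeof value !== 'string' || value.length > MAX_HTTP_DATE_LENGTH) return null;
  // Only strings in the expected shape are handed to the engine's date parser.
  if (!IMF_FIXDATE.test(value)) return null;
  try {
    const ms = Date.parse(value);
    return Number.isNaN(ms) ? null : ms;
  } catch (err) {
    // A parser exception must never propagate out of the request handler.
    return null;
  }
}

// Decides whether a 304 response is appropriate for a file with the given mtime.
// An unusable If-Modified-Since value means "send the full response".
function isNotModified(ifModifiedSince, fileMtimeMs) {
  const since = parseHttpDate(ifModifiedSince);
  if (since === null) return false;
  // HTTP dates have one-second resolution, so truncate the mtime before comparing.
  return Math.floor(fileMtimeMs / 1000) * 1000 <= since;
}
```

Treating an unparseable header as absent keeps the failure mode a normal 200 response instead of an uncaught exception in the request path.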

Fix

RCE

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2015-9242
GHSA-VWJC-Q9PX-R9VQ

Affected Products

Ecstatic