PT-2020-9127 · Ecstatic · Ecstatic

Published 2020-01-02 · Updated 2020-12-15 · CVE-2019-10775

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ecstatic versions prior to 4.1.2
ecstatic versions prior to 3.3.2
ecstatic versions prior to 2.2.2

Description

The issue allows for a denial of service, potentially causing an application to crash. It is also related to an Open Redirect vulnerability, where the package fails to validate redirects. This failure enables attackers to craft requests that result in an HTTP 301 redirect to any other domain.

Recommendations

If using ecstatic 4.x, upgrade to 4.1.2 or later.
If using ecstatic 3.x, upgrade to 3.3.2 or later.
If using ecstatic 2.x, upgrade to 2.2.2 or later.
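The per-branch upgrade rule above can be checked against a project's lockfile, including copies of ecstatic pulled in by other packages. This is an added example, not code from this advisory or from the ecstatic project; it assumes the npm package-lock.json "packages" layout (lockfileVersion 2 or 3), and the sample lockfile and the names some-tool and other-tool are constructed.

```javascript
// Fixed releases per branch, as listed in this advisory: 2.2.2, 3.3.2, 4.1.2.
const FIXED = { 2: [2, 2, 2], 3: [3, 3, 2], 4: [4, 1, 2] };

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// True when the version is prior to the fixed release of its branch.
// Majors below 2 fall under "prior to 2.2.2"; majors above 4 are not listed.
function isAffected(version) {
  const v = parseVersion(version);
  if (v[0] < 2) return true;
  const fixed = FIXED[v[0]];
  return fixed ? lessThan(v, fixed) : false;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and return every ecstatic install, direct or nested, that is affected.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/ecstatic")) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile; "some-tool" and "other-tool" are hypothetical.
const sampleLock = {
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/ecstatic": { version: "4.1.2" },
    "node_modules/some-tool/node_modules/ecstatic": { version: "3.3.1" },
    "node_modules/other-tool/node_modules/ecstatic": { version: "2.2.1" },
  },
};
console.log(findAffected(sampleLock));
```

To audit a real project, pass the parsed contents of its package-lock.json to findAffected in place of the sample object.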

Fix

Open Redirect

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2019-10775
GHSA-9Q64-MPXX-87FG
GHSA-JC84-3G44-WF2Q
SNYK-JS-ECSTATIC-540354

Affected Products

Ecstatic