PT-2022-3610 · Dicer · Dicer

Aras Abbasi · Published 2022-05-20 · Updated 2025-05-12 · CVE-2022-24434

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: dicer, all versions
Description: dicer is a streaming multipart/form-data parser for Node.js. When it receives a crafted (modified) multipart form, the parser fails to clean up or release its resources correctly and the error is not contained, so the Node.js process that performs the parsing crashes. No authentication is required: any client able to submit a form to an affected endpoint can trigger the crash, and resending the same payload after every restart turns a single crash into a sustained denial of service. The impact is limited to availability (CVSS vector C:N/I:N/A:C); the underlying weakness is improper resource cleanup or deallocation in the dicer parser.
Recommendations: No dicer release containing a fix is known at the time of writing. Until one is available, remove the dicer package from services exposed to untrusted clients; where it cannot be removed, restrict the endpoints that parse multipart bodies to authenticated clients and cap request body size to shrink the attack surface, and avoid deploying dicer in production. Running the service under a supervisor that restarts it limits each crash to a brief outage but does not prevent the attack. Because dicer is usually pulled in transitively (older busboy releases, and packages built on them, depend on it), check the dependency tree, for example with npm ls dicer, and track the dependent packages for releases that no longer use it.

Exploit

Weakness Enumeration

Improper Resource Release

Related Identifiers

BDU:2022-04395
CVE-2022-24434
GHSA-WM7H-9275-46V2
SNYK-JAVA-ORGWEBJARSNPM-2838865
SNYK-JS-DICER-2311764

Affected Products

Dicer