PT-2023-12132 · Suchmokuo · Node-Worker-Threads-Pool

Exx8O

Published: 2023-08-11 · Updated: 2023-08-21 · CVE-2021-29057

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

SUCHMOKUO node-worker-threads-pool version 1.4.3

Description

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool, allowing attackers to cause a denial of service. This issue can be mitigated by manually creating a timeout.

Recommendations

For version 1.4.3, consider creating a timeout when using the StaticPool to mitigate the risk of denial of service, for example by using the setTimeout method on the executor, as shown in the provided example code.
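The timeout mitigation described above, shown as an added example that is not code from this advisory or from the library: it uses Node's built-in `worker_threads` rather than the StaticPool API, and goes one step beyond the recommendation by terminating the thread when the deadline passes. `runWithDeadline`, `TaskTimeoutError` and the worker body are hypothetical names and constructed input, and the hanging task is an assumed stand-in for work that never completes.

```javascript
// Added example (not from the advisory or the library): bound a worker task with a deadline.
const { Worker } = require("node:worker_threads");

// Constructed worker body: the input "spin" never returns (stands in for a task
// that hangs); any number is doubled and posted back.
const WORKER_SOURCE = `
  const { parentPort, workerData } = require("node:worker_threads");
  if (workerData === "spin") { for (;;) {} }
  parentPort.postMessage(workerData * 2);
`;

// Hypothetical error type so callers can tell a deadline hit from a task failure.
class TaskTimeoutError extends Error {
  constructor(ms) {
    super(`task exceeded ${ms} ms and was terminated`);
    this.name = "TaskTimeoutError";
  }
}

// Hypothetical helper: run one task in its own thread, reject after timeoutMs.
function runWithDeadline(input, timeoutMs) {
  return new Promise((resolve, reject) => {
    const worker = new Worker(WORKER_SOURCE, { eval: true, workerData: input });
    let settled = false;
    const settle = (fn, value) => {
      if (settled) return; // first outcome wins; later events are ignored
      settled = true;
      clearTimeout(timer);
      fn(value);
    };
    const timer = setTimeout(() => {
      // terminate() stops the thread even inside a tight loop, so the hung task
      // releases its thread instead of holding it indefinitely.
      worker.terminate();
      settle(reject, new TaskTimeoutError(timeoutMs));
    }, timeoutMs);
    worker.once("message", (value) => settle(resolve, value));
    worker.once("error", (err) => settle(reject, err));
    worker.once("exit", (code) =>
      settle(reject, new Error(`worker exited early with code ${code}`)));
  });
}

// Demo: one normal task and one that hangs until the deadline fires.
runWithDeadline(21, 5000).then((v) => console.log("result:", v));
runWithDeadline("spin", 200).catch((e) => console.log(e.name, "-", e.message));
```

Callers should treat `TaskTimeoutError` as a signal to drop or reject the request rather than retry it automatically, since retrying a hanging input just occupies another thread.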

Exploit

Fix

Allocation of Resources Without Limits

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2021-29057
GHSA-7VXC-Q7RV-QFJ8

Affected Products

Node-Worker-Threads-Pool