CVE-2022-24434

HIGH

dicer - Denial of Service via Malicious Form Data

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24434. PoCs published by nayankadamm.

AI-analyzed exploit summary: This repository contains a functional Proof-of-Concept (PoC) for CVE-2022-24434, a vulnerability in the Dicer npm package version 0.3.1. The exploit demonstrates various edge cases and malformed multipart form data to trigger the vulnerability, potentially leading to a Denial of Service (DoS).

Description

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. An attacker could send the payload again and again so that the service continuously crashes.

Exploits (1)

nomisec WORKING POC
by nayankadamm · poc
https://github.com/nayankadamm/CVE-2022-24434_POC

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Dicer npm package v0.3.1
No auth needed
Prerequisites: Node.js environment · Dicer npm package version 0.3.1
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-DICER-2311764
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/mscdex/dicer/pull/22
Patch, Third Party Advisory x_refsource_misc
https://github.com/mscdex/busboy/issues/250

Scores

CVSS v3: 7.5
EPSS: 0.0199
EPSS Percentile: 84.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status: published
Products (3)
dicer_project/dicer
npm/dicer 0 (npm)
org.webjars.npm/dicer 0 (Maven)
Published: May 20, 2022
Tracked Since: Feb 18, 2026