CVE-2022-24434

HIGH

Package Dicer - DoS

Title source: llm

Description

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.

Exploits (1)

nomisec WORKING POC

by nayankadamm · poc

https://github.com/nayankadamm/CVE-2022-24434_POC

View Code ZIP pw:eip

References (5)

[Patch, Third Party Advisory] https://github.com/mscdex/busboy/issues/250

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/mscdex/dicer/pull/22

[Patch, Third Party Advisory] https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac

[Exploit, Third Party Advisory] https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865

[Exploit, Third Party Advisory] https://snyk.io/vuln/SNYK-JS-DICER-2311764

Scores

CVSS v3 7.5

EPSS 0.0199

EPSS Percentile 83.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (3)

dicer_project/dicer

npm/dicer 0npm

org.webjars.npm/dicer 0Maven

Published May 20, 2022

Tracked Since Feb 18, 2026