westonphillips / CheckmarxOnePOV

This repo will be used for Checkmarx ONE POV
MIT License

CVE-2022-36313 @ Npm-file-type-5.2.0 #148

Open westonphillips opened 1 year ago

westonphillips commented 1 year ago

Vulnerable Package issue exists @ Npm-file-type-5.2.0 in branch main

An issue was discovered in the file-type package versions prior to 16.5.4 and 17.0.x prior to 17.1.3 for "Node.js". A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.

Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-835


Additional Info
Attack vector: LOCAL
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH

Remediation
Upgrade Recommendation: 16.5.4


References: Advisory, Release Note, Commit