CWE-241
AllowedImproper Handling of Unexpected Data Type
Abstraction: Base · Status: Draft
The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
55 vulnerabilities reference this CWE, most recent first.
GHSA-GFWP-PR8H-RV7G
Vulnerability from github – Published: 2025-03-14 15:32 – Updated: 2026-01-16 18:31The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).
{
"affected": [],
"aliases": [
"CVE-2025-2268"
],
"database_specific": {
"cwe_ids": [
"CWE-241"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-14T14:15:20Z",
"severity": "MODERATE"
},
"details": "The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).",
"id": "GHSA-gfwp-pr8h-rv7g",
"modified": "2026-01-16T18:31:17Z",
"published": "2025-03-14T15:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2268"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_12114154-12114176-16/hpsbpi04013"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GPGX-WHWH-R297
Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2023-06-19 16:50Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references.
Original Description
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.
{
"affected": [
{
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/apple/swift-nio-http2"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.19.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-241"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-19T16:50:23Z",
"nvd_published_at": "2022-02-09T23:15:00Z",
"severity": "HIGH"
},
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references.\n\n## Original Description\n\nA program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.",
"id": "GHSA-gpgx-whwh-r297",
"modified": "2023-06-19T16:50:23Z",
"published": "2022-02-11T00:00:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-pgfx-g6rc-8cjv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24668"
},
{
"type": "PACKAGE",
"url": "https://github.com/apple/swift-nio-http2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames",
"withdrawn": "2023-06-19T16:50:23Z"
}
GHSA-J226-HWHH-899J
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-05-14 18:30Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-25966"
],
"database_specific": {
"cwe_ids": [
"CWE-241"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T16:16:15Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.",
"id": "GHSA-j226-hwhh-899j",
"modified": "2024-05-14T18:30:59Z",
"published": "2024-05-14T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25966"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000224860/dsa-2024-163-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-J9R7-XGVG-H2R5
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:29A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
{
"affected": [],
"aliases": [
"CVE-2022-39065"
],
"database_specific": {
"cwe_ids": [
"CWE-241"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T16:15:00Z",
"severity": "MODERATE"
},
"details": "A single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\u00c5DFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TR\u00c5DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"id": "GHSA-j9r7-xgvg-h2r5",
"modified": "2024-04-04T05:29:27Z",
"published": "2023-07-06T19:24:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39065"
},
{
"type": "WEB",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting-gateway"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MC6F-8J7W-Q9XW
Vulnerability from github – Published: 2024-10-02 18:31 – Updated: 2024-10-02 18:31Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs.
{
"affected": [],
"aliases": [
"CVE-2024-9423"
],
"database_specific": {
"cwe_ids": [
"CWE-241"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-02T16:15:11Z",
"severity": "MODERATE"
},
"details": "Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a \u201cJPEG Unsupported\u201d message which may not clear, potentially blocking queued print jobs.",
"id": "GHSA-mc6f-8j7w-q9xw",
"modified": "2024-10-02T18:31:32Z",
"published": "2024-10-02T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9423"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_11266441-11266463-16/hpsbpi03976"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MP98-Q49W-JJHW
Vulnerability from github – Published: 2023-09-29 06:30 – Updated: 2024-04-04 07:58Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith() or eventName.toString(), while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
{
"affected": [],
"aliases": [
"CVE-2023-30591"
],
"database_specific": {
"cwe_ids": [
"CWE-241",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-29T06:15:09Z",
"severity": "HIGH"
},
"details": "Denial-of-service in NodeBB \u003c= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.",
"id": "GHSA-mp98-q49w-jjhw",
"modified": "2024-04-04T07:58:03Z",
"published": "2023-09-29T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30591"
},
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/commit/37b48b82a4bc7680c6e4c42647209010cb239c2c"
},
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/commit/4d2d76897a02e7068ab74c81d17a2febfae8bfb9"
},
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/commit/830f142b7aea2e597294a84d52c05aab3a3539ca"
},
{
"type": "WEB",
"url": "https://starlabs.sg/advisories/23/23-30591"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PFX9-W6CC-Q924
Vulnerability from github – Published: 2025-09-24 00:30 – Updated: 2025-09-24 00:30Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.
{
"affected": [],
"aliases": [
"CVE-2024-21935"
],
"database_specific": {
"cwe_ids": [
"CWE-241"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-23T22:15:33Z",
"severity": "MODERATE"
},
"details": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption.",
"id": "GHSA-pfx9-w6cc-q924",
"modified": "2025-09-24T00:30:41Z",
"published": "2025-09-24T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21935"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PGFX-G6RC-8CJV
Vulnerability from github – Published: 2023-05-18 17:32 – Updated: 2023-06-19 16:50A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases.
This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed.
Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack.
The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service.
The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks.
The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services.
The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.
{
"affected": [
{
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/apple/swift-nio-http2"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.19.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24668"
],
"database_specific": {
"cwe_ids": [
"CWE-241"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-18T17:32:00Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases.\n\nThis vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed.\n\nSending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack.\n\nThe attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service.\n\nThe attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks.\n\nThe risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services.\n\nThe issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.",
"id": "GHSA-pgfx-g6rc-8cjv",
"modified": "2023-06-19T16:50:37Z",
"published": "2023-05-18T17:32:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-pgfx-g6rc-8cjv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24668"
},
{
"type": "WEB",
"url": "https://github.com/apple/swift-nio-http2/commit/000ca94f9de92c95b9ac85d44600b7b0fe25a3e5"
},
{
"type": "PACKAGE",
"url": "https://github.com/apple/swift-nio-http2"
},
{
"type": "WEB",
"url": "https://github.com/apple/swift-nio-http2/releases/tag/1.19.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames"
}
GHSA-QXG5-2QFF-P49R
Vulnerability from github – Published: 2021-06-18 19:31 – Updated: 2021-06-18 19:31A type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function.
Impact
XSS
Patches
3.2.0
Workarounds
Ensure that the html parameter is a string before calling the function.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "striptags"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32696"
],
"database_specific": {
"cwe_ids": [
"CWE-241",
"CWE-79",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-18T19:31:21Z",
"nvd_published_at": "2021-06-18T20:15:00Z",
"severity": "MODERATE"
},
"details": "A type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function.\n\n### Impact\n\nXSS\n\n### Patches\n\n`3.2.0`\n\n### Workarounds\n\nEnsure that the `html` parameter is a string before calling the function.\n",
"id": "GHSA-qxg5-2qff-p49r",
"modified": "2021-06-18T19:31:21Z",
"published": "2021-06-18T19:31:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ericnorris/striptags/security/advisories/GHSA-qxg5-2qff-p49r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32696"
},
{
"type": "WEB",
"url": "https://github.com/ericnorris/striptags/commit/f252a6b0819499cd65403707ebaf5cc925f2faca"
},
{
"type": "WEB",
"url": "https://github.com/ericnorris/striptags/releases/tag/v3.2.0"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/striptags"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Passing in a non-string \u0027html\u0027 argument can lead to unsanitized output"
}
GHSA-VJPV-X8P9-7P85
Vulnerability from github – Published: 2024-07-10 06:33 – Updated: 2024-07-10 21:28All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash.
Note: By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "images"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21523"
],
"database_specific": {
"cwe_ids": [
"CWE-241",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-10T21:28:42Z",
"nvd_published_at": "2024-07-10T05:15:11Z",
"severity": "HIGH"
},
"details": "All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash.\n\n**Note:**\nBy providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.",
"id": "GHSA-vjpv-x8p9-7p85",
"modified": "2024-07-10T21:28:42Z",
"published": "2024-07-10T06:33:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21523"
},
{
"type": "WEB",
"url": "https://gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1"
},
{
"type": "PACKAGE",
"url": "https://github.com/zhangyuanwei/node-images"
},
{
"type": "WEB",
"url": "https://github.com/zhangyuanwei/node-images/blob/691d49f4e620b4eec9f1c47b1735841d9d8b55f6/src/Image.cc"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "images vulnerable to Denial of Service"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
CAPEC-48: Passing Local Filenames to Functions That Expect a URL
This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.