This affects all versions of the package dicer
. A malicious attacker can send a modified form to the server and crash the Node.js service. A complete denial of service can be achieved by sending the malicious form in a loop.
CPE | Name | Operator | Version |
---|---|---|---|
org.webjars.npm:dicer | eq | 0.3.0 | |
dicer | le | 0.3.1 | |
org.webjars.npm:dicer | eq | 0.2.5 |