0.006 Low
EPSS
Percentile
79.1%
ecstatic is vulnerable to regular expression denial of service (DoS) attacks. An attacker can use a string which contains a large number of null bytes in it to overload a server and cause a denial of service condition.
advisory.checkmarx.net/advisory/CX-2016-4450
github.com/jfhbrook/node-ecstatic/commit/71ce93988ead4b561a8592168c72143907189f01
www.checkmarx.com/advisories/denial-of-service-dos-vulnerability-in-ecstatic-npm-package/