Vulnerability Description
Certain input strings, when passed to new Date() or Date.parse() in the ecstatic node module before 1.4.0, cause V8 to raise an exception. When such input reaches the server via the If-Modified-Since header, the exception crashes ecstatic, resulting in a denial of service.
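The failure mode described above comes from passing a client-controlled header straight to the date parser with no exception handling. The following is an added defensive example, not the ecstatic patch or code from the project; the function names and the 64-character length cap are assumptions chosen for illustration.

```javascript
// Assumption: real HTTP-dates are about 29 characters, so 64 is a generous cap.
const MAX_DATE_HEADER_LENGTH = 64;

// Parse a client-supplied HTTP date header value.
// Returns epoch milliseconds, or null when the value is missing, oversized,
// unparseable, or makes the date parser throw.
function parseHttpDate(value) {
  if (typeof value !== 'string' ||
      value.length === 0 ||
      value.length > MAX_DATE_HEADER_LENGTH) {
    return null;
  }
  let ms;
  try {
    // The parser is treated as fallible: an exception here must not
    // propagate out of the request handler and take the process down.
    ms = Date.parse(value);
  } catch (err) {
    return null;
  }
  return Number.isNaN(ms) ? null : ms;
}

// Decide whether a 304 Not Modified may be sent for a file whose
// modification time is mtimeMs (epoch milliseconds).
// `headers` is a plain object with lower-cased keys, as Node's http
// module provides in req.headers.
function isNotModified(headers, mtimeMs) {
  const since = parseHttpDate(headers['if-modified-since']);
  if (since === null) {
    // Bad or absent header: fall back to serving the full response.
    return false;
  }
  // HTTP dates have one-second resolution, so truncate the file time.
  return Math.floor(mtimeMs / 1000) * 1000 <= since;
}

// Constructed sample request headers.
const sampleHeaders = { 'if-modified-since': 'Wed, 21 Oct 2015 07:28:00 GMT' };
const sampleMtime = Date.UTC(2015, 9, 21, 7, 28, 0) + 500;
console.log(isNotModified(sampleHeaders, sampleMtime));
```

A malformed header then degrades to a normal 200 response instead of an uncaught exception.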
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ecstatic Project | Ecstatic | < 1.4.0 |
Related Weaknesses (CWE)
References
- https://bugs.chromium.org/p/v8/issues/detail?id=4640 (Issue Tracking, Third Party Advisory)
- https://github.com/jfhbrook/node-ecstatic/pull/179 (Issue Tracking, Third Party Advisory)
- https://nodesecurity.io/advisories/64 (Third Party Advisory)
FAQ
What is CVE-2015-9242?
CVE-2015-9242 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when t...
How severe is CVE-2015-9242?
CVE-2015-9242 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-9242?
Check the references section above for vendor advisories and patch information. Affected products include: Ecstatic Project Ecstatic.