Vulnerability Description
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary depending on the specific usage of the package but it can potentially affect any system where this package is in use. The problem has been patched in version 2.0.2. As of time of publication, no specific workaround strategies have been disclosed.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tomphttp | Tomp Bare Server | < 2.0.2 |
References
- https://github.com/tomphttp/bare-server-node/security/advisories/GHSA-86fc-f9gr- (Vendor Advisory)
FAQ
What is CVE-2024-27922?
CVE-2024-27922 is a vulnerability with a CVSS score of 9.8 (CRITICAL). TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw pote...
How severe is CVE-2024-27922?
CVE-2024-27922 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-27922?
Yes. The problem has been patched in version 2.0.2 of the @tomphttp/bare-server-node package. Check the references section above for vendor advisories and patch information. Affected products include: Tomphttp Tomp Bare Server.