ReDoS Vulnerability in aws-lambda-multipart-parser by Anton Myshenin
CVE-2018-7560

7.5 HIGH

What is CVE-2018-7560?

aws-lambda-multipart-parser, a package developed by Anton Myshenin, contains a Regular Expression Denial of Service (ReDoS) vulnerability in its index.js file. The flaw lies in how multipart/form-data boundary strings are processed: an attacker can trigger it by sending input with a crafted boundary string. Applications using a vulnerable version, prior to 0.1.2, are exposed to denial of service attacks that cause performance degradation or service interruption.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
