Vulnerability Details : CVE-2016-10524
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments, so a malicious user could fill up the server, causing a Denial of Service or content injection.
Vulnerability category: Denial of service
Products affected by CVE-2016-10524
- cpe:2.3:a:i18n-node-angular_project:i18n-node-angular:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10524
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~34% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-10524
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H | 2.3 | 5.3 | NIST | |
CWE ids for CVE-2016-10524
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
  Assigned by:
  - nvd@nist.gov (Primary)
  - support@hackerone.com (Secondary)
References for CVE-2016-10524
- https://github.com/oliversalzburg/i18n-node-angular/commit/877720d2d9bb90dc8233706e81ffa03f99fc9dc8
  [FIX] Only register translate route during development · oliversalzburg/i18n-node-angular@877720d · GitHub (Patch; Third Party Advisory)