Last Login: September 07, 2023
3dcyber's Latest (2) Contributions
This vulnerability causes a denial of service in applications that use the moment library in the vulnerable versions.
When the application only loads or uses the library on the frontend, the impact is less since the denial of service is local to the browser.
This vulnerability affects HAProxy and does not require prior authentication as indicated by the CVSS score. Hopefully there is an update to the CVSS.
This vulnerability allows RCE when HTTP2 is enabled on HAProxy. There is a PoC exploit created by the researcher who discovered the vulnerability.
Note that in some solutions HTTP2 on HAProxy may be enabled by default.
To defend against this vulnerability:
- HAproxy patches can be applied.
- As workaroud you can disable HTTP2.