CVE-2022-24434
See original GitHub issuenoticed this output recently when looking at the logs of the integration tests. i don’t get this message when running npm i
on my local machine on a freshly cloned relay…
npm WARN deprecated multer@1.4.4: Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.
node -v: v16.16.0, npm -v: 8.18.0
Issue Analytics
- State:
- Created a year ago
- Comments:5 (5 by maintainers)
Top Results From Across the Web
CVE-2022-24434 Detail - NVD
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An...
Read more >CVE-2022-24434
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An...
Read more >Denial of Service (DoS) in dicer | CVE-2022-24434 | Snyk
Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious attacker can send a modified form to server, and...
Read more >CVE-2022-24434 - Ubuntu
CVE-2022-24434 ... This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs ......
Read more >IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable ...
Potential vulnerabilities in Node.js dicer module (CVE-2022-24434) has been identified that may affect IBM Watson Assistant for IBM Cloud ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Looks like all the integration tests passed when I removed bcrypt
ok I see it https://github.com/stakwork/sphinx-relay/runs/8226373631?check_suite_focus=true#step:6:786
looks like its on the docker
RUN npm install bcrypt
step