Denial of Service - Illegal access crash from if-modified-since header

Module: ecstatic

Published: December 23rd, 2015

Reported by: James Halliday

CVE-NONE

CWE-

Vulnerable: <1.4.0
Patched: >=1.4.0

Overview

Certain input strings, when passed to new Date() or Date.parse(), cause V8 to raise an exception. When such input reaches the server via the If-Modified-Since header, the exception crashes ecstatic, resulting in a denial of service.

Remediation

Upgrade to ecstatic version 1.4.0 or greater.
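
For code that parses this header itself, the following added example (not ecstatic's code or its 1.4.0 patch) shows one defensive pattern: a parser exception or an unparseable value is treated as an absent header, so the request falls back to a normal 200 response. The helper names safeHttpDate and conditionalStatus, the 64-character length cap, and the injected throwing parser that stands in for the V8 exception are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical helper: parse an If-Modified-Since value without letting a
// parser exception or an unparseable value escape to the request handler.
// `parse` is injectable so the throwing case can be exercised offline.
function safeHttpDate(value, parse = Date.parse) {
  // Absent, non-string or oversized header: ignore it (64 is an assumed cap).
  if (typeof value !== 'string' || value.length === 0 || value.length > 64) {
    return null;
  }
  let ms;
  try {
    ms = parse(value);
  } catch (err) {
    return null; // the parser raised: treat the header as absent
  }
  return Number.isFinite(ms) ? ms : null; // NaN means "not a date"
}

// Decide the status for a conditional GET. An invalid header is ignored,
// so the handler serves the full response instead of crashing.
function conditionalStatus(headers, mtimeMs, parse) {
  const since = safeHttpDate(headers['if-modified-since'], parse);
  if (since === null) return 200;
  // HTTP dates have one-second resolution; compare at that granularity.
  return Math.floor(mtimeMs / 1000) * 1000 <= since ? 304 : 200;
}

// Constructed sample inputs (not taken from the advisory).
const mtime = Date.parse('Wed, 23 Dec 2015 10:00:00 GMT') + 250;
const throwingParse = () => { throw new RangeError('simulated parser failure'); };

function demo() {
  return [
    conditionalStatus({ 'if-modified-since': 'Wed, 23 Dec 2015 10:00:00 GMT' }, mtime),
    conditionalStatus({ 'if-modified-since': 'Tue, 22 Dec 2015 10:00:00 GMT' }, mtime),
    conditionalStatus({ 'if-modified-since': 'not a date' }, mtime),
    conditionalStatus({ 'if-modified-since': 'anything' }, mtime, throwingParse),
    conditionalStatus({}, mtime),
  ];
}

console.log(demo());
```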
