Denial of Service and Content Injection

Module: i18n-node-angular

Published: January 25th, 2016

Reported by: Garth Boyd

CVE-NONE

CWE-

Vulnerable: <1.4.0
Patched: >=1.4.0

Overview

  • i18n-node-angular is a module used to interact between i18n and angular without using additional resources
  • A REST API endpoint that is used for development was not disabled in production environments
  • A malicious user could fill up the server causing a Denial of Service or content injection

Remediation

Upgrade to version 1.4.0 or greater.

References

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo