Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cjMtcDg2Ni1xOXFy
ircdkit vulnerable to Denial of Service due to unhandled connection end event
Versions of ircdkit 1.0.3 and prior are vulnerable to a remote denial of service.
Recommendation
Upgrade to version 1.0.4.
Permalink: https://github.com/advisories/GHSA-f7r3-p866-q9qrJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cjMtcDg2Ni1xOXFy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-f7r3-p866-q9qr
References:
- https://github.com/Twipped/ircdkit/issues/1
- https://github.com/Twipped/ircdkit/commit/f0cc6dc913ec17b499fa33a676bb72c624456f2c
- https://www.npmjs.com/advisories/735
- https://snyk.io/vuln/SNYK-JS-IRCDKIT-173688
- https://github.com/Twipped/ircdkit/pull/2/commits/595ed02cde517fad57854d2ac2855a09a626e665
- https://github.com/advisories/GHSA-f7r3-p866-q9qr
Blast Radius: 1.8
Affected Packages
npm:ircdkit
Dependent packages: 2Dependent repositories: 3
Downloads: 26 last month
Affected Version Ranges: <= 1.0.3
Fixed in: 1.0.4
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3
All unaffected versions: 1.0.4, 2.0.0