Practical Security Guides For Your Team
Clear, non-alarmist guidance for real web vulnerabilities so your team can prioritize fixes confidently.
HTTP Library Flaw Lets Attackers Crash Your Server with One Request
Severity: high
Your application uses a popular tool called Axios to make web requests behind the scenes. A flaw in this tool means that if your app accepts any user-supplied data and passes it — even indirectly — into Axios, an attacker can send a single specially crafted message that instantly crashes your server. No password or account needed.
Outdated JavaScript Utility Library Allows Application Disruption (CVE-2018-16487)
Severity: high
Your application is using a very old version of lodash (3.10.1), a popular JavaScript helper library, that contains a known security flaw. An attacker who can send crafted data to your application could use this flaw to disrupt your service or, in some cases, interfere with how your application behaves. The fix is a straightforward library upgrade.
Axios Library Flaw Lets Attackers Crash Your Node.js Server
Severity: high
Your application uses a version of Axios — a very common networking library — that has a flaw allowing an attacker to send a specially crafted request that forces your server to consume all available memory and crash. This causes downtime for your users and can be triggered with a single request, requiring no login or special access.