GMS-2020-736: Denial of Service in http-live-simulator

September 3, 2020

Versions of http-live-simulator prior to 1.0.8 are vulnerable to Denial of Service. The package fails to catch an exception that causes the Node process to crash, effectively shutting down the server. This allows an attacker to send an HTTP request that crashes the server.

Recommendation

Upgrade to version 1.0.8 or later.

References

github.com/advisories/GHSA-xgp2-cc4r-7vf6
hackerone.com/reports/627376
www.npmjs.com/advisories/1189

Detect and mitigate GMS-2020-736 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →