2319884 – (CVE-2024-21536) CVE-2024-21536 http-proxy-middleware: Denial of Service

Bug 2319884 (CVE-2024-21536) - CVE-2024-21536 http-proxy-middleware: Denial of Service

Summary: CVE-2024-21536 http-proxy-middleware: Denial of Service

Keywords:
Status:	NEW
Alias:	CVE-2024-21536
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2320111 2320122 2320113 2320115 2320116 2320118 2320119 2320120 2320121
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-19 06:01 UTC by OSIDB Bzimport
Modified:	2025-05-15 08:28 UTC (History)
CC List:	137 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:9627	None	None	None	2024-11-14 08:35:44 UTC
Red Hat Product Errata	RHSA-2025:3928	None	None	None	2025-04-15 19:46:23 UTC
Red Hat Product Errata	RHSA-2025:3929	None	None	None	2025-04-15 19:52:50 UTC
Red Hat Product Errata	RHSA-2025:3930	None	None	None	2025-04-15 20:29:39 UTC
Red Hat Product Errata	RHSA-2025:4511	None	None	None	2025-05-06 07:15:18 UTC

Description OSIDB Bzimport 2024-10-19 06:01:01 UTC

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

Comment 2 errata-xmlrpc 2024-11-14 08:35:36 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.6 for RHEL 8
  Red Hat OpenShift Service Mesh 2.6 for RHEL 9

Via RHSA-2024:9627 https://access.redhat.com/errata/RHSA-2024:9627

Comment 7 errata-xmlrpc 2025-04-15 19:46:15 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.5

Via RHSA-2025:3928 https://access.redhat.com/errata/RHSA-2025:3928

Comment 8 errata-xmlrpc 2025-04-15 19:52:41 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.6

Via RHSA-2025:3929 https://access.redhat.com/errata/RHSA-2025:3929

Comment 9 errata-xmlrpc 2025-04-15 20:29:31 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.7

Via RHSA-2025:3930 https://access.redhat.com/errata/RHSA-2025:3930

Comment 11 errata-xmlrpc 2025-05-06 07:15:08 UTC

This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:4511 https://access.redhat.com/errata/RHSA-2025:4511

Note You need to log in before you can comment on or make changes to this bug.

aazores
abarbaro
adudiak
adupliak
akostadi
alcohan
amasferr
amctagga
anjoseph
anpicker
bdettelb
bparees
brking
caswilli
cbartlet
cdaley
chazlett
cmah
cmiranda
danken
davidn
david.sastre
dbosanac
dhanak
dkuc
dmayorov
doconnor
dsimansk
dymurray
eaguilar
ebaron
ecerquei
eric.wittmann
fdeutsch
fjansen
gkamathe
gmalinko
gparvin
gtanzill
haoli
hasun
hkataria
ibek
ibolton
jajackso
janstey
jcammara
jcantril
jchui
jforrest
jfula
jhe
jkoehler
jlledo
jmatthew
jmitchel
jmontleo
jneedle
jolong
jowilson
jprabhak
jreimann
jrokos
jwendell
jwong
kaycoth
kegrant
kingland
koliveir
kshier
ktsao
kverlaen
lchilton
lphiri
mabashia
matzew
mdessi
mjaros
mkudlej
mmakovy
mnovotny
mrizzi
mwringe
nboldt
nipatil
njean
nyancey
omaciel
ometelka
oramraz
owatkins
pahickey
pantinor
parichar
pbraun
pcattana
pcongius
pdelbell
pgaikwad
phoracek
pierdipi
pjindal
psrna
ptisnovs
rcernich
rguimara
rhaigner
rhuss
rjohnson
rkubis
rojacob
rstepani
rtaniwa
saroy
sdawley
sfeifer
sfroberg
shvarugh
simaishi
slucidi
smcdonal
smullick
sseago
stcannon
stirabos
syedriko
tasato
teagle
tfister
thason
thavo
tjochec
tkral
twalsh
wtam
xdharmai
yguenane