Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1Blast Radius
ecosystem impact- 7 npm packages depend on valine (5 direct, 2 indirect)
Ecosystem-wide dependent count for version 1.4.14.
DescriptionNVD
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
AnalysisAI
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. Affected products include: Valine.Js Valine.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute a
An issue was discovered in Valine v1.3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today