Denial of Service (DoS)

Affecting botkit package, versions <0.4.4

Overview

botkit provides building blocks for building bots.

Affected versions of the package are vulnerable to Denial of Service (DoS) attacks. An attacker may send huge arrays of requests or impersonate FB/users, causing the server to take an extremely long time to process these requests.

Remediation

Upgrade botkit to version 0.4.4 or higher.
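
The two conditions named in the overview (huge arrays of events, and requests that only claim to come from Facebook) can also be screened at the webhook before any bot logic runs. The following is an added example, not botkit code and not the change made in 0.4.4; the limits, function names and sample secret are assumptions, and the check relies on Facebook's `X-Hub-Signature` header (HMAC-SHA1 of the raw body keyed with the app secret).

```javascript
// Added example, not botkit code. Limits and names below are assumptions.
const crypto = require('node:crypto');

const MAX_BODY_BYTES = 64 * 1024; // assumed cap on raw request size
const MAX_EVENTS = 50;            // assumed cap on messaging events per request

// Facebook sends "X-Hub-Signature: sha1=<hex>", an HMAC-SHA1 of the raw
// request body keyed with the app secret.
function signatureIsValid(rawBody, header, appSecret) {
  if (typeof header !== 'string' || !header.startsWith('sha1=')) return false;
  const expected = crypto.createHmac('sha1', appSecret).update(rawBody).digest();
  const given = Buffer.from(header.slice(5), 'hex');
  // timingSafeEqual throws on unequal lengths, so check length first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Cheap checks (size, signature) run before JSON parsing, so a sender that
// cannot sign as Facebook never reaches the expensive path.
function screenWebhook(rawBody, header, appSecret) {
  const reject = (status) => ({ ok: false, status, events: [] });
  if (rawBody.length > MAX_BODY_BYTES) return reject(413);
  if (!signatureIsValid(rawBody, header, appSecret)) return reject(403);
  let payload;
  try { payload = JSON.parse(rawBody.toString('utf8')); } catch (err) { return reject(400); }
  const entries = payload && Array.isArray(payload.entry) ? payload.entry : [];
  if (entries.length > MAX_EVENTS) return reject(413);
  const events = [];
  for (const entry of entries) {
    const batch = entry && Array.isArray(entry.messaging) ? entry.messaging : [];
    if (events.length + batch.length > MAX_EVENTS) return reject(413);
    events.push(...batch);
  }
  return { ok: true, status: 200, events };
}

// Constructed sample data: the secret and payloads are made up for the demo.
const SECRET = 'example-app-secret';
const sign = (buf) => 'sha1=' + crypto.createHmac('sha1', SECRET).update(buf).digest('hex');
const okBody = Buffer.from(JSON.stringify({
  object: 'page', entry: [{ messaging: [{ sender: { id: '1' }, message: { text: 'hi' } }] }],
}));
const bigBody = Buffer.from(JSON.stringify({
  object: 'page', entry: [{ messaging: new Array(500).fill({ sender: { id: '1' } }) }],
}));
console.log(screenWebhook(okBody, sign(okBody), SECRET).status, screenWebhook(bigBody, sign(bigBody), SECRET).status);
```

The raw body must be captured before any JSON body parser touches it, because the signature covers the exact bytes received.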

CVSS Score

5.3 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Credit: Unknown
CWE: CWE-400
Snyk ID: npm:botkit:20161220
Disclosed: 19 Dec, 2016
Published: 25 Dec, 2017