What the vulnerability does

01Description

Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

Key dates

02Disclosure timeline

May 29, 2018 CVE published
September 17, 2024 Record updated