CVE-2024-22778

Severity: 7.5 HIGH

📋 TL;DR

CVE-2024-22778 is a denial-of-service (DoS) vulnerability in HackMD CodiMD releases before 2.5.2. An unauthenticated attacker can crash the service or exhaust its resources, making it unavailable to legitimate users. Any organization running an unpatched CodiMD instance for collaborative markdown editing is affected; no credentials are needed to reach the vulnerable code.

💻 Affected Systems

Products:
  • HackMD CodiMD
Versions: All versions < 2.5.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of CodiMD versions below 2.5.2 are vulnerable regardless of configuration.

📦 What is this software?

CodiMD is the open-source, self-hosted edition of HackMD: a Node.js web application for real-time collaborative Markdown editing. It listens on TCP port 3000 by default, is normally placed behind a reverse proxy such as nginx, and persists notes in a relational database. Because a single Node.js process serves every user of the instance, crashing that process takes the whole service down.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete outage of the CodiMD instance, halting all collaborative editing and losing any edits that had not yet been persisted when the process died. Without a supervisor, the process stays down until someone restarts it.

🟠

Likely Case

Temporary service disruption requiring manual restart of the CodiMD application, causing productivity loss for teams relying on the platform.

🟢

If Mitigated

Minimal impact when the process runs under a supervisor that restarts it on failure and monitoring alerts on each crash, so the outage lasts seconds and the attack is noticed rather than silently repeated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No (none known at time of writing)
Weaponized: Unknown
Unauthenticated Exploit: ⚠️ Yes
Complexity: Low

Public details do not identify the triggering request. The vulnerability is reported to be reachable through crafted HTTP requests that either exhaust server resources or crash the Node.js process. Until the exact trigger is known, treat every unauthenticated endpoint of the instance as reachable by an attacker, and expect that a single request may be enough, so the attacker does not need high request volume.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.2

Vendor Advisory (upstream GitHub issue): https://github.com/hackmdio/codimd/issues/1846

Restart Required: Yes

Instructions:

1. Back up the CodiMD database and the configuration (config.json and any CMD_* environment variables) before touching the install.
2. Upgrade to CodiMD 2.5.2 or later following the project's own upgrade procedure for your deployment type: check out or download the new release and rerun its setup and build steps for a source install, or pull the 2.5.2+ image for a container deployment. CodiMD is an application, not a library, so `npm update` inside the checkout does not upgrade it.
3. Restart the CodiMD service (or recreate the container).
4. Verify the running version is 2.5.2 or later (see How to Verify below) and that notes load and save normally.

🔧 Temporary Workarounds

Rate Limiting

Platform: all

Rate-limit requests at the reverse proxy in front of CodiMD so that one source cannot flood the service. This only reduces exposure: if a single crafted request is enough to crash the process, a rate limit does not prevent the crash, it only bounds how often it can be repeated, so pair it with automatic restarts.

# Configure rate limiting in your reverse proxy (nginx example).
# limit_req_zone belongs in the http {} block; limit_req goes in the
# server {} or location {} that proxies to CodiMD.
# If nginx itself sits behind a load balancer or CDN, $binary_remote_addr
# is the balancer's address; derive the client IP (real_ip module) first,
# otherwise every client shares one bucket.
limit_req_zone $binary_remote_addr zone=codimd:10m rate=10r/s;

location / {
    limit_req zone=codimd burst=20 nodelay;
    proxy_pass http://127.0.0.1:3000;
}

Network Segmentation

Platform: linux

Restrict access to CodiMD to trusted networks only. This removes the unauthenticated attack surface from the Internet; it does not protect against a malicious or compromised host inside the trusted network.

# Firewall rule example (iptables). 3000 is CodiMD's default listen port;
# replace 192.0.2.0/24 with your trusted network. Rules are evaluated in
# order, so the ACCEPT must be inserted before the DROP.
iptables -A INPUT -p tcp --dport 3000 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j DROP

If CodiMD is only ever reached through the reverse proxy on the same host, bind it to the loopback address (CMD_HOST=127.0.0.1) so that port 3000 is not exposed on any interface at all.

🧯 If You Can't Patch

  • Implement aggressive rate limiting and request filtering at the network perimeter, and limit who can reach the instance at all (VPN or allow-listed networks)
  • Run the process under a supervisor that restarts it on failure (for example a systemd unit with Restart=on-failure, or a container restart policy) and alert on every restart so crashes are investigated rather than silently absorbed
  • Keep recent database backups: a crash loop can interrupt writes, and a restore may be the fastest recovery

🔍 How to Verify

Check if Vulnerable:

Check the CodiMD version in the web interface or in the version field of package.json in the application directory. For container deployments, check the image tag of the running container instead.

Check Version:

# Run from inside the CodiMD application directory; the root package is named "codimd"
npm list codimd | grep codimd

Verify Fix Applied:

Confirm the reported version is 2.5.2 or higher. Compare versions numerically, not as strings: 2.10.0 sorts before 2.5.2 lexically but is a fixed release. Then confirm the service stays up under normal load and that no restarts appear in the supervisor or container logs.
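The version check above as a script, added here as an illustration and not taken from the CodiMD project. It parses package.json from the application directory (the /opt/codimd path in the usage comment is an assumption; use your own install path), compares the version numerically against 2.5.2 so that releases such as 2.10.0 are not misreported, and refuses to judge a package.json that does not belong to CodiMD.

```python
import json
import re
from pathlib import Path

# First release that carries the fix, per the advisory above.
FIXED_VERSION = (2, 5, 2)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Turn '2.5.1', 'v2.5.1' or '2.5.1-rc1' into a comparable (major, minor, patch) tuple.

    Comparing integers matters: as strings, '2.10.0' < '2.5.2' is True,
    which would report a fixed install as vulnerable.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version: str) -> bool:
    """True for any CodiMD release below 2.5.2."""
    return parse_version(version) < FIXED_VERSION


def check_package_json(contents: str) -> tuple:
    """Evaluate the contents of a CodiMD checkout's package.json.

    Returns (version, vulnerable). Refuses to judge a manifest whose name is
    not "codimd", so a stray package.json from another project is not misread.
    """
    pkg = json.loads(contents)
    if pkg.get("name") != "codimd":
        raise ValueError(f"not a CodiMD package.json (name={pkg.get('name')!r})")
    version = pkg["version"]
    return version, is_vulnerable(version)


def check_install(app_dir: str) -> tuple:
    """Read <app_dir>/package.json from an installed copy and report its status."""
    manifest = Path(app_dir) / "package.json"
    return check_package_json(manifest.read_text(encoding="utf-8"))


if __name__ == "__main__":
    import sys

    # Usage: python3 check_codimd.py /opt/codimd   (path is an assumption; use your install dir)
    version, vulnerable = check_install(sys.argv[1] if len(sys.argv) > 1 else ".")
    status = "VULNERABLE, upgrade to 2.5.2 or later" if vulnerable else "fixed"
    print(f"CodiMD {version}: {status}")
    sys.exit(1 if vulnerable else 0)
```

The exit status makes the script usable from a fleet inventory job: a non-zero exit marks the host for patching.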

📡 Detection & Monitoring

Log Indicators:

  • The CodiMD process exiting unexpectedly (uncaught exceptions, out-of-memory kills) in the supervisor, container or journald log; CodiMD writes to stdout, so the log source is wherever that stream is captured
  • Sudden CPU or memory spikes on the host shortly before a crash
  • Repeated requests to the same endpoint from a single IP immediately before each crash

Network Indicators:

  • Unusual HTTP request patterns against the instance, in particular the same path or unusual request bodies repeated from one source
  • Bursts of 502/503/504 responses from the reverse proxy, which mean the backend stopped answering

SIEM Query:

# Adjust the source to wherever CodiMD's stdout is captured (journald, docker logs, a file)
source="codimd.log" AND ("crash" OR "restart" OR "out of memory")
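The two network indicators above, request bursts from one source and 502/503/504 responses from the proxy, as a detection script over reverse-proxy access logs. This is an added example, not tooling from CodiMD or HackMD; it assumes nginx's default "combined" log format, and the log lines embedded in constructed_sample() are constructed for the demonstration, not captured traffic. The thresholds (30 requests within 10 seconds) are starting points to tune against your own baseline.

```python
import re
import sys
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# nginx "combined" access-log line: ip - user [timestamp] "METHOD path proto" status bytes ...
_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
_TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Parse one access-log line into a dict, or None for lines that do not match."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], _TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_bursts(lines, window_seconds: int = 10, threshold: int = 30) -> dict:
    """Sliding-window request counter per client IP.

    Returns {ip: peak_requests_in_window} for every IP that sent at least
    `threshold` requests inside any `window_seconds` span. Each IP's lines
    must be in time order, as they are in a live access log.
    """
    recent = defaultdict(deque)
    peaks = {}
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that fell out of the window ending at this request.
        while rec["ts"] - q[0] > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def upstream_failures(lines) -> int:
    """Count 502/503/504 responses: the proxy returning these means CodiMD stopped answering."""
    return sum(1 for rec in map(parse_line, lines) if rec and rec["status"] in (502, 503, 504))


def constructed_sample() -> list:
    """Constructed log lines (not real traffic): one client hammering /new, normal use, then backend failures."""
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "curl/8.5.0"'
    base = datetime(2024, 1, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(40):  # 40 requests in 4 seconds from a single source
        ts = (base + timedelta(milliseconds=100 * i)).strftime(_TS_FMT)
        lines.append(fmt.format(ip="203.0.113.7", ts=ts, path="/new", status=200))
    for i in range(5):  # ordinary traffic from another client
        ts = (base + timedelta(seconds=i)).strftime(_TS_FMT)
        lines.append(fmt.format(ip="198.51.100.2", ts=ts, path="/", status=200))
    for i in range(3):  # backend gone: the proxy starts answering 502
        ts = (base + timedelta(seconds=5 + i)).strftime(_TS_FMT)
        lines.append(fmt.format(ip="198.51.100.2", ts=ts, path="/", status=502))
    return lines


if __name__ == "__main__":
    # Usage: python3 codimd_dos_watch.py < /var/log/nginx/access.log
    # With no piped input the constructed sample is analysed instead.
    src = [l.rstrip("\n") for l in sys.stdin] if not sys.stdin.isatty() else constructed_sample()
    for ip, peak in find_bursts(src).items():
        print(f"burst: {ip} sent {peak} requests within 10s")
    print(f"upstream 502/503/504 responses: {upstream_failures(src)}")
```

Run it against the proxy log rather than CodiMD's own output: once the process has crashed it logs nothing, while the proxy keeps recording both the attacker's requests and the 502s that follow, which is what lets you tie a restart back to the source that caused it.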

🔗 References

  • Upstream GitHub issue: https://github.com/hackmdio/codimd/issues/1846
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-22778
