CVE-2024-27922

9.8 CRITICAL

📋 TL;DR

This vulnerability in TOMP Bare Server allows attackers to manipulate HTTP requests through insecure request handling in the @tomphttp/bare-server-node package. It affects every system running a vulnerable version of the package (all releases before 2.0.2) and can enable interception or manipulation of the traffic the server proxies. The impact depends on how the package is deployed, but any application relying on it could be affected.

💻 Affected Systems

Products:
  • @tomphttp/bare-server-node
Versions: All versions prior to 2.0.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any deployment using the vulnerable package regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of web traffic passing through the server, enabling man-in-the-middle attacks, data interception, request manipulation, and potential credential theft.

🟠 Likely Case

Partial traffic manipulation allowing attackers to modify requests/responses, inject malicious content, or redirect users to malicious sites.

🟢 If Mitigated

Limited impact with proper network segmentation, though internal traffic manipulation remains possible if the flaw is exploited.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory suggests the vulnerability is in HTTP request handling, which typically requires network access but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.2

Vendor Advisory: https://github.com/tomphttp/bare-server-node/security/advisories/GHSA-86fc-f9gr-v533

Restart Required: Yes

Instructions:

1. Update package.json to specify @tomphttp/bare-server-node version 2.0.2 or higher.
2. Run npm update @tomphttp/bare-server-node.
3. Restart the server application.

🧯 If You Can't Patch

  • Isolate the vulnerable server behind a reverse proxy with strict request validation.
  • Implement network segmentation to limit the server's exposure and potential attack surface.

🔍 How to Verify

Check if Vulnerable:

Check package.json, or run npm list @tomphttp/bare-server-node, to see whether the installed version is below 2.0.2.

Check Version:

npm list @tomphttp/bare-server-node

Verify Fix Applied:

Confirm npm list @tomphttp/bare-server-node shows version 2.0.2 or higher.
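As an added example (not part of this advisory or the project), the check above as a POSIX shell script: it parses the output of npm list @tomphttp/bare-server-node and compares the installed version numerically against the fixed release 2.0.2. The sample npm output, the project name myapp and its path are constructed; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: flag an installed
# @tomphttp/bare-server-node older than the fixed release 2.0.2.
# Input is the text printed by `npm list @tomphttp/bare-server-node --depth=0`.

FIXED_VERSION="2.0.2"

# version_lt A B: succeed when dotted version A sorts before B.
# Fields compare numerically; missing fields count as 0 and a prerelease
# suffix such as "-beta" is ignored (a deliberate simplification).
version_lt() {
    a="$1.0.0"; b="$2.0.0"; i=1
    while [ "$i" -le 3 ]; do
        x=$(echo "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(echo "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# installed_version TEXT: pull "X.Y.Z" from a line such as
# "└── @tomphttp/bare-server-node@2.0.1"; prints nothing if absent.
installed_version() {
    printf '%s\n' "$1" \
        | sed -n 's/.*@tomphttp\/bare-server-node@\([0-9][0-9.]*\).*/\1/p' \
        | head -n 1
}

# check_vulnerable TEXT: exit 0 if vulnerable, 1 if fixed, 2 if not installed.
check_vulnerable() {
    v=$(installed_version "$1")
    if [ -z "$v" ]; then echo "not installed"; return 2; fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE: $v is below $FIXED_VERSION"; return 0
    fi
    echo "OK: $v"; return 1
}

# Constructed sample output (project name and path are made up).
SAMPLE_OLD="myapp@1.0.0 /srv/myapp
└── @tomphttp/bare-server-node@2.0.1"
SAMPLE_NEW="myapp@1.0.0 /srv/myapp
└── @tomphttp/bare-server-node@2.0.2"
check_vulnerable "$SAMPLE_OLD" || true
check_vulnerable "$SAMPLE_NEW" || true
```

On a real host, pass the live output instead: check_vulnerable "$(npm list @tomphttp/bare-server-node --depth=0 2>/dev/null)".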

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP request patterns
  • Unexpected request modifications
  • Abnormal traffic redirections

Network Indicators:

  • Suspicious HTTP traffic manipulation
  • Unexpected proxy behavior
  • Traffic interception patterns

SIEM Query:

Search for HTTP requests with unusual headers or modifications in server logs.
