CVE-2020-8251
Description
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
CWE
- CWE-400 — Denial of Service (CWE-400)
Affected
- NodeJS / Node — v=4.0 <4.* [affected]; v=5.0 <5.* [affected]; v=6.0 <6.* [affected]; v=7.0 <7.* [affected]; v=8.0 <8.* [affected]; v=9.0 <9.* [affected]; v=11.0 <11.* [affected]; v=13.0 <13.* [affected]; v=14.0 <14.11.0 [affected]
CVSS
- (none)
References
- https://hackerone.com/reports/868834 x_refsource_MISC
- https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ x_refsource_MISC
- https://security.netapp.com/advisory/ntap-20201009-0004/ x_refsource_CONFIRM
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/ vendor-advisory, x_refsource_FEDORA
- https://security.gentoo.org/glsa/202101-07 vendor-advisory, x_refsource_GENTOO
Source
cvelistV5-main/cves/2020/8xxx/CVE-2020-8251.json