Main Vulnerability Database Vulnerabilities #VU47217

#VU47217 Resource exhaustion in Node.js - CVE-2020-8251

Published: September 18, 2020 / Updated: September 30, 2020

Vulnerability identifier: #VU47217

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-8251

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Node.js

Software vendor:
Node.js Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

Remediation

Install update from vendor's website.

External links

https://hackerone.com/reports/868834
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

#VU47217 Resource exhaustion in Node.js - CVE-2020-8251

Description

Remediation

External links

Please verify you're human