Node.js Multiple Vulnerabilities

Release Date: 16 Oct 2023 6566 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Node.js. A remote attacker can exploit these vulnerabilities to trigger denial of service, security restriction bypass and sensitive information disclosure on the targeted system.

 

Note:

CVE-2023-44487 is a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability known as Rapid Reset, has been exploited in the wild.

Impact

  • Security Restriction Bypass
  • Information Disclosure
  • Denial of Service

System / Technologies affected

  • Node.js versions prior to 18.18.2 (LTS)
  • Node.js versions prior to 20.8.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Update to Node.js version 18.18.2(LTS)
  • Update to Node.js version 20.8.1

Vulnerability Identifier

Source

Related Link

Related Tags

Node.jsDenial of ServiceSecurity Restriction BypassInformation DisclosureExploit In The Wild

Share with

Previous

Juniper Junos OS Multiple Vulnerabilities

13 Oct 2023 3653 Views

Next

QNAP NAS Multiple Vulnerabilities

16 Oct 2023 3617 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY