Skip to main content

Node.js Multiple Vulnerabilities

Release Date: 16 Oct 2023 8798 Views

RISK: Extremely High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Node.js. A remote attacker can exploit these vulnerabilities to trigger denial of service, security restriction bypass and sensitive information disclosure on the targeted system.

 

Note:

CVE-2023-44487 is a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability known as Rapid Reset, has been exploited in the wild.


Impact

  • Security Restriction Bypass
  • Information Disclosure
  • Denial of Service

System / Technologies affected

  • Node.js versions prior to 18.18.2 (LTS)
  • Node.js versions prior to 20.8.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Update to Node.js version 18.18.2(LTS)
  • Update to Node.js version 20.8.1

Vulnerability Identifier


Source


Related Link