Описание
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | nodejs | Not affected | ||
| Red Hat Mobile Application Platform 4 | nodejs | Not affected | ||
| Red Hat OpenShift Application Runtimes | nodejs | Not affected | ||
| Red Hat OpenShift Container Platform 3.10 | logging-auth-proxy | Not affected | ||
| Red Hat OpenShift Container Platform 3.10 | logging-kibana | Not affected | ||
| Red Hat Software Collections | rh-nodejs4-nodejs | Not affected | ||
| Red Hat Software Collections | rh-nodejs6-nodejs | Not affected | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs8-nodejs | Fixed | RHSA-2018:2949 | 18.10.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | rh-nodejs8-nodejs | Fixed | RHSA-2018:2949 | 18.10.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-nodejs8-nodejs | Fixed | RHSA-2018:2949 | 18.10.2018 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ...
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
7.5 High
CVSS3