Описание
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | c-ares | Not affected | ||
| Red Hat Enterprise Linux 6 | c-ares | Not affected | ||
| Red Hat Enterprise Linux 7 | c-ares | Not affected | ||
| Red Hat Enterprise Linux 8 | c-ares | Not affected | ||
| Red Hat Enterprise Linux 8 | nodejs:10/nodejs | Not affected | ||
| Red Hat Software Collections | rh-nodejs10-nodejs | Not affected | ||
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2020:5499 | 15.12.2020 |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2021:0551 | 16.02.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs12-nodejs | Fixed | RHSA-2020:5305 | 01.12.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs14-nodejs | Fixed | RHSA-2021:0421 | 04.02.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
A Node.js application that allows an attacker to trigger a DNS request ...
7.5 High
CVSS3