Important: nodejs:18 security update

Important: nodejs:18 security update

ELSA-2024-1510: nodejs:18 security update (IMPORTANT)

ELSA-2024-1503: nodejs:18 security update (IMPORTANT)

Security update for nodejs18

Security update for nodejs18

Important: nodejs:20 security update

Important: nodejs:20 security update

ELSA-2024-1688: nodejs:20 security update (IMPORTANT)

ELSA-2024-1687: nodejs:20 security update (IMPORTANT)

Security update for nodejs20

Security update for nodejs12

Security update for nodejs14

Security update for nodejs16

Security update for nodejs16

Security update for nodejs16

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.