Lucene search
BartH1:2375446HistoryFeb 15, 2024 - 6:19 p.m.
Internet Bug Bounty: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
2024-02-1518:19:30
bart
hackerone.com
$3495
25
internet bug bounty
http request
node.js
vulnerability
dos attacks
cpu consumption
0.0004 Low
EPSS
Percentile
14.9%
I’d like to report Node.js vulnerability (CVE-2024-22019) that was recently fixed:
- HackerOne report: https://hackerone.com/reports/2233486
- Release notes: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
Impact
This is a major issue because it allows unbounded resource (CPU, network bandwidth) consumption of the standard Node.js http server. The standard methods which could help blocking a malicious requests like timeouts and limiting request body size do not seem to work.
Related
redhat
redhat
(RHSA-2024:2651) Important: nodejs:16 security update
2024-05-02 06:41:20
(RHSA-2024:2793) Important: nodejs:16 security update
2024-05-09 09:24:14
(RHSA-2024:1678) Important: nodejs security update
2024-04-04 15:58:25
osv
osv
Important: nodejs security update
2024-03-20 00:00:00
Important: nodejs security update
2024-05-10 14:33:20
BIT-node-2024-22019
2024-05-24 07:26:57
prion
prion
Design/Logic Flaw
2024-02-20 02:15:00
nessus
nessus
RHEL 8 : nodejs:16 (RHSA-2024:2651)
2024-05-02 00:00:00
Oracle Linux 9 : nodejs (ELSA-2024-1438)
2024-03-21 00:00:00
RHEL 8 : nodejs:16 (RHSA-2024:2793)
2024-05-09 00:00:00
rocky
rocky
nodejs security update
2024-05-10 14:33:20
nodejs:16 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:34:32
almalinux
almalinux
Important: nodejs security update
2024-03-20 00:00:00
Important: nodejs:16 security update
2024-03-20 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
veracode
veracode
Denial Of Service
2024-02-21 20:24:20
ubuntucve
ubuntucve
CVE-2024-22019
2024-02-20 00:00:00
ibm
ibm
hackerone
hackerone
redhatcve
redhatcve
CVE-2024-22019
2024-02-16 17:52:09
debiancve
debiancve
CVE-2024-22019
2024-02-20 02:15:50
cbl_mariner
cbl_mariner
CVE-2024-22019 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-06 17:48:02
cve
cve
CVE-2024-22019
2024-02-20 02:15:50
cvelist
cvelist
CVE-2024-22019
2024-02-20 01:31:08
oraclelinux
oraclelinux
nodejs security update
2024-03-21 00:00:00
nodejs:16 security update
2024-03-21 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
f5
f5
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0732-1)
2024-03-01 00:00:00
Mageia: Security Advisory (MGASA-2024-0046)
2024-02-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0733-1)
2024-03-01 00:00:00
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
freebsd
freebsd
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00