CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
81.1%
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
Vendor | Product | Version | CPE |
---|---|---|---|
nodejs | node.js | * | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
nodejs | node.js | * | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
fedoraproject | fedora | 32 | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
fedoraproject | fedora | 33 | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
oracle | blockchain_platform | * | cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* |
oracle | graalvm | 19.3.4 | cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:* |
oracle | graalvm | 20.3.0 | cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:* |
oracle | jd_edwards_enterpriseone_tools | * | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* |
oracle | mysql_cluster | * | cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:* |
oracle | retail_xstore_point_of_service | 16.0.6 | cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* |
[
{
"product": "https://github.com/nodejs/node",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 15.2.1, 14.15.1, 12.19.1"
}
]
}
]
hackerone.com/reports/1033107
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXLJY4764LYVJPC7NCDLE2UMQ3QC5OI2/
nodejs.org/en/blog/vulnerability/november-2020-security-releases/
security.gentoo.org/glsa/202012-11
security.gentoo.org/glsa/202101-07
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpuoct2021.html
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
81.1%