5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
nodejs: CONTINUATION frames DoS (CVE-2024-27983)
nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%