CVE-2022-24375 Denial of Service (DoS)

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...

CVE-2022-21208

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...