Lucene search
Veracode Vulnerability DatabaseVERACODE:36411HistoryJul 19, 2022 - 4:50 a.m.
Denial Of Service (DoS)
2022-07-1904:50:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.001 Low
EPSS
Percentile
30.7%
skywalking-backend-js is vulnerable to denial of service. An attacker can crash the application by providing a malicious SkyWalking header to the from function of ContextCarrier.ts, which improperly validates the sw8 headers and causes OAP to be unhealthy and the downstream service’s agent to be unable to establish the connection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| skywalking-backend-js | le | 0.5.0 | |
| skywalking-backend-js | le | 0.5.0 |
References
www.openwall.com/lists/oss-security/2022/07/18/1
github.com/advisories/GHSA-8gpg-466c-5cpj
github.com/apache/skywalking-nodejs/commit/75afb3ec7a40263ce9317d9e535ce46b296b546a
github.com/apache/skywalking-nodejs/pull/90
github.com/apache/skywalking/issues/7505
lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3
www.openwall.com/lists/oss-security/2022/07/18/1
Related
github
github
osv
osv
Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header
2022-07-19 00:00:27
CVE-2022-36127
2022-07-18 12:15:08
cve
cve
CVE-2022-36127
2022-07-18 12:15:08
cnvd
cnvd
Apache SkyWalking Denial of Service Vulnerability
2022-07-20 00:00:00
cvelist
cvelist
prion
prion
Code injection
2022-07-18 12:15:00
nvd
nvd
CVE-2022-36127
2022-07-18 12:15:08