CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score
Confidence: Low

EPSS
Percentile: 31.0%

nodejs is vulnerable to Inconsistency Between Implementation and Documented Design. The vulnerability exists because the generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys. This discrepancy between the documented and actual behavior of the API allows an attacker to exploit the inconsistency, potentially leading to security breaches in applications that use the Diffie-Hellman method for key generation and expect both private and public keys to be generated as per the documentation.
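
The behaviour described above, written as an added example for application code that relies on generateKeys() (it is not code from Node.js or from this advisory). The function names, including the helper freshKeyPair, and the use of the built-in modp14 group prime to avoid a prime search are assumptions made for the example.

```javascript
// Added example; assumes Node.js with the built-in crypto module.
const { createDiffieHellman, getDiffieHellman } = require('node:crypto');

// Reuse the well-known 2048-bit MODP group 14 parameters so no prime search is needed.
const group = getDiffieHellman('modp14');
const PRIME = group.getPrime();
const GENERATOR = group.getGenerator();

// Calls generateKeys() twice on ONE object and reports whether the private key changed.
function privateKeyChangesOnSecondCall() {
  const dh = createDiffieHellman(PRIME, GENERATOR);
  dh.generateKeys();
  const first = dh.getPrivateKey();
  dh.generateKeys(); // a private key is already present: it is kept, not regenerated
  return !first.equals(dh.getPrivateKey());
}

// After setPrivateKey(), generateKeys() only recomputes the outdated public key.
function publicKeyFollowsImportedPrivateKey() {
  const original = createDiffieHellman(PRIME, GENERATOR);
  const originalPublic = original.generateKeys();

  const copy = createDiffieHellman(PRIME, GENERATOR);
  copy.setPrivateKey(original.getPrivateKey());
  const recomputedPublic = copy.generateKeys();

  return recomputedPublic.equals(originalPublic) &&
    copy.getPrivateKey().equals(original.getPrivateKey());
}

// Hypothetical helper: one new DiffieHellman object per key pair, so callers
// that expect new key material on every call actually get it.
function freshKeyPair() {
  const dh = createDiffieHellman(PRIME, GENERATOR);
  const publicKey = dh.generateKeys();
  return { publicKey, privateKey: dh.getPrivateKey() };
}
```

Code that needs a new private key per session should create a new DiffieHellman object, as freshKeyPair does, rather than call generateKeys() again on an existing one.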