BIT-node-min-2024-22019

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/node-min/BIT-node-min-2024-22019.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-node-min-2024-22019
Aliases
Published
2024-12-16T13:54:43.219Z
Modified
2024-12-16T15:26:56.651066Z
Summary
[none]
Details

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Database specific
{
    "cpes": [
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / node-min

Package

Name
node-min
Purl
pkg:bitnami/node-min

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
21.0.0
Fixed
21.6.2
Introduced
19.0.0
Fixed
20.11.1
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.19.1