AVG-2853

Package: nodejs-lts-iron
Status: Fixed
Severity: High
Type: multiple issues
Affected: 20.11.1-1
Fixed: 20.12.1-1
Current: 20.12.2-1 [extra]
Ticket: None
Created: Wed Apr 3 15:51:33 2024
Advisory: Pending

Issues

CVE-2024-27983 (Severity: High, Remote: Yes, Type: Denial of service)
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small number of HTTP/2 frame packets with a few HTTP/2 frames inside. It...

CVE-2024-27982 (Severity: Medium, Remote: Yes, Type: Insufficient validation)
The team has identified a vulnerability in the HTTP server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....

References
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
https://github.com/nodejs/node/releases/tag/v20.12.1