AVG-2854

Package: nodejs-lts-hydrogen
Status: Fixed
Severity: High
Type: multiple issues
Affected: 18.18.2-2
Fixed: 18.20.1-1
Current: 18.20.5-1 [extra]
Ticket: None
Created: Wed Apr 3 15:53:32 2024
Advisory: Pending

Issue | Severity | Remote | Type | Description
CVE-2024-27983 | High | Yes | Denial of service | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It...
CVE-2024-27982 | Medium | Yes | Insufficient validation | The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....

References
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
https://github.com/nodejs/node/releases/tag/v18.20.1