AVG-2854 log
Package | nodejs-lts-hydrogen |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 18.18.2-2 |
Fixed | 18.20.1-1 |
Current | 18.20.5-1 [extra] |
Ticket | None |
Created | Wed Apr 3 15:53:32 2024 |
Advisory | Pending |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2024-27983 | High | Yes | Denial of service | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It... |
CVE-2024-27982 | Medium | Yes | Insufficient validation | The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling.... |
References |
---|
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ https://github.com/nodejs/node/releases/tag/v18.20.1 |