AVG-2854 log

Package	nodejs-lts-hydrogen
Status	Fixed
Severity	High
Type	multiple issues
Affected	18.18.2-2
Fixed	18.20.1-1
Current	Removed
Ticket	None
Created	Wed Apr 3 15:53:32 2024
Advisory	Pending

Issue	Severity	Remote	Type	Description
CVE-2024-27983	High	Yes	Denial of service	An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It...
CVE-2024-27982	Medium	Yes	Insufficient validation	The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....

Issue

Severity

Remote

Type

Description

CVE-2024-27983

High

Yes

Denial of service

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It...

CVE-2024-27982

Medium

Yes

Insufficient validation

The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....

References
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ https://github.com/nodejs/node/releases/tag/v18.20.1