nodejs-lts-hydrogen

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Unknown
Version	Removed

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2854	18.18.2-2	18.20.1-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2024-27983	AVG-2854	High	Yes	Denial of service	An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It...
CVE-2024-27982	AVG-2854	Medium	Yes	Insufficient validation	The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....

Issue

Group

Severity

Remote

Type

Description

CVE-2024-27983

AVG-2854

High

Yes

Denial of service

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It...

CVE-2024-27982

AVG-2854

Medium

Yes

Insufficient validation

The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....