nodejs-lts-hydrogen
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Evented I/O for V8 javascript (LTS release: Hydrogen) |
| Version | 18.20.5-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2854 | 18.18.2-2 | 18.20.1-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2024-27983 | AVG-2854 | High | Yes | Denial of service | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It... |
| CVE-2024-27982 | AVG-2854 | Medium | Yes | Insufficient validation | The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling.... |