Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Evented I/O for V8 javascript (LTS release: Hydrogen)
Version 18.20.2-3 [extra-testing]
18.20.2-2 [extra]


Group Affected Fixed Severity Status Ticket
AVG-2854 18.18.2-2 18.20.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2024-27983 AVG-2854 High Yes Denial of service
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It...
CVE-2024-27982 AVG-2854 Medium Yes Insufficient validation
The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....