Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Evented I/O for V8 javascript (LTS release: Iron)
Version 20.15.1-1 [extra]


Group Affected Fixed Severity Status Ticket
AVG-2853 20.11.1-1 20.12.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2024-27983 AVG-2853 High Yes Denial of service
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It...
CVE-2024-27982 AVG-2853 Medium Yes Insufficient validation
The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling....