Lucene search

HackeroneCVE-2020-8251

HistorySep 18, 2020 - 9:15 p.m.

CVE-2020-8251

2020-09-1821:15:13

CWE-400

hackerone

web.nvd.nist.gov

node.js

vulnerability

cve-2020-8251

http

dos

denial of service

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.003

Percentile

69.5%

JSON

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

Affected configurations

Nvd

Vulners

Node

nodejsnode.jsRange14.0.0–14.11.0

Node

fedoraprojectfedoraMatch33

VendorProductVersionCPE
nodejsnode.js*cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nodejs	node.js	*	cpe:2.3:a:nodejs:node.js::::::::
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*

CNA Affected

[
  {
    "product": "https://github.com/nodejs/node",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in v14.11.0"
      }
    ]
  }
]