CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
30.0%
nodejs is vulnerable to Denial Of Service (DoS). The vulnerability exists when an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API. A non-expected termination occurs, making it susceptible to Denial of Service (DoS) attacks. In this scenario, an attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. This results in the loss of the current context of users, causing a DoS scenario.