CVE-2020-8251
Description
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.055
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-8201,CVE-2020-8251,CVE-2020-8252 are fixed in Node.js 12 (x64) (12.18.4) | Windows |
| Vulnerabilities CVE-2020-8201,CVE-2020-8251,CVE-2020-8252 are fixed in Node.js 12 (12.18.4) | Windows |
| Vulnerabilities CVE-2020-8201,CVE-2020-8251,CVE-2020-8252 are fixed in Node.js 14 (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8201,CVE-2020-8251,CVE-2020-8252 are fixed in Node.js 14 (x64) (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8201,CVE-2020-8251,CVE-2020-8252 are fixed in Node.js 10 (x64) (10.22.1) | Windows |
| Vulnerabilities CVE-2020-8201,CVE-2020-8251,CVE-2020-8252 are fixed in Node.js 10 (10.22.1) | Windows |
| Vulnerabilities CVE-2020-8201,CVE-2020-8251,CVE-2020-8252 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234