N/A

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.

N/A

未加控制的资源消耗(资源穷尽)

Joyent Node.js 资源管理错误漏洞

Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。该平台主要用于构建高度可伸缩的应用程序，以及编写能够处理数万条且同时连接到一个物理机的连接代码。 Joyent Node.js中存在资源管理错误漏洞，该漏洞源于程序没有控制资源的消耗。攻击者可利用该漏洞造成拒绝服务。以下版本受到影响：Joyent Node.js 6.17.0之前的6.x版本；8.15.1之前的8.x版本；10.15.2之前的10.x版本；11.10.1之前的11.

N/A

N/A