Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Node.js 安全漏洞
Vulnerability Description
Node.js是一个开源、跨平台的 JavaScript 运行时环境。 Node.js存在安全漏洞,该漏洞源于缺乏对块扩展字节的保护。攻击者利用该漏洞使用分块编码发送特制的 HTTP 请求,从而导致资源耗尽和拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A