20 lines
1.3 KiB
Markdown
20 lines
1.3 KiB
Markdown
|
---
|
||
|
|
title: IMPORTANT! Update Node.JS to 18.19.1, 20.11.1, 21.6.2 or newer!
|
||
|
|
tags:
|
||
|
|
- cybersecurity
|
||
|
|
- node.js
|
||
|
|
category: Notices
|
||
|
|
thumbnail: /images/covers/IMPORTANT-Update-Node-JS-to-18-19-1-20-11-1-21-6-2-or-newer.png
|
||
|
|
date: 2024-03-13 03:18:40
|
||
|
|
---
|
||
|
|
|
||
|
|
**IMPORTANT! Update Node.JS to 18.19.1, 20.11.1, 21.6.2 or newer!**
|
||
|
|
|
||
|
|
Older versions of Node.JS had a [CVE-2024-22019 vulnerability](https://nodejs.org/en/blog/vulnerability/february-2024-security-releases#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high), which involves sending specially constructed HTTP request with chunked encoding, which leads to resource exhaustion and denial of service (DoS).
|
||
|
|
|
||
|
|
The original vulnerability description:
|
||
|
|
|
||
|
|
_A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits._
|
||
|
|
|
||
|
|
Future SVR.JS versions will warn you about this vulnerability in server logs, if you're running affected versions of Node.JS.
|