svrjs/svrjs-blog
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions
This repository has been archived on 2024-09-12. You can view files and clone it, but cannot push or open issues or pull requests.
svrjs-blog/source/_posts/IMPORTANT-Update-Node-JS-to-18-19-1-20-11-1-21-6-2-or-newer.md
Dorian Niemiec 6521b98abf Initial commit
2024-03-15 23:24:27 +01:00

19 lines
1.3 KiB
Markdown
Raw Blame History

---
title: IMPORTANT! Update Node.JS to 18.19.1, 20.11.1, 21.6.2 or newer!
tags:
- cybersecurity
- node.js
category: Notices
thumbnail: /images/covers/IMPORTANT-Update-Node-JS-to-18-19-1-20-11-1-21-6-2-or-newer.png
date: 2024-03-13 03:18:40
---
**IMPORTANT! Update Node.JS to 18.19.1, 20.11.1, 21.6.2 or newer!**
Older versions of Node.JS had a [CVE-2024-22019 vulnerability](https://nodejs.org/en/blog/vulnerability/february-2024-security-releases#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high), which involves sending specially constructed HTTP request with chunked encoding, which leads to resource exhaustion and denial of service (DoS).
The original vulnerability description:
_A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits._
Future SVR.JS versions will warn you about this vulnerability in server logs, if you're running affected versions of Node.JS.
Reference in a new issue View git blame Copy permalink