CVE-2018-7161 -- nodejsID: oval:org.secpod.oval:def:1901453 | Date: (C)2019-03-29 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
Platform: |
Ubuntu 18.10 |
Ubuntu 18.04 |