Node.js - (bulletinoct2019)ID: oval:org.secpod.oval:def:2105103 | Date: (C)2019-06-12 (M)2024-04-17 |
Class: PATCH | Family: unix |
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Product: |
runtime/nodejs |
runtime/nodejs/nodejs-8 |