Denial of Service Vulnerability in Node.js by OpenJS Foundation
CVE-2019-5737

7.5HIGH

Key Information:

Vendor

Node.js

Status
Node.js
Vendor
CVE Published:
28 March 2019

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸฃ EPSS 36%

What is CVE-2019-5737?

Node.js versions prior to 6.17.0, 8.15.1, 10.15.2, and 11.10.1 are susceptible to a DoS attack. An attacker can exploit this by establishing HTTP or HTTPS connections in keep-alive mode and sending headers at a slow rate. This behavior harbors connections and their resources for an extended period, which can lead to service disruptions. Mitigation strategies include deploying load balancers or proxy layers to manage traffic more effectively. This vulnerability is related to a previous security issue (CVE-2018-12121) and affects all actively maintained Node.js release lines.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Node.js All versions prior to 6.17.0

Node.js All versions prior to 8.15.1

Node.js All versions prior to 10.15.2

References

https://nodejs.org/en/blog/vulnerability/february-2019-se...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

EPSS Score

36% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

JSON
.