Description

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/07/18/1

https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3

Related Vulnerabilities

CVE-2021-3805 Vulnerability in npm package object-path

CVE-2019-16550 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release

CVE-2020-6429 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-32200 Vulnerability in maven package org.apache.jena:jena

CVE-2023-41080 Vulnerability in maven package org.apache.tomcat:tomcat

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Mailing List Third Party Advisory Release Notes Vendor Advisory NVD-CWE-noinfo