Description

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/07/18/1

https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3

Related Vulnerabilities

CVE-2019-10332 Vulnerability in maven package org.jenkins-ci.plugins:electricflow

CVE-2022-44262 Vulnerability in maven package org.ff4j:ff4j-core

CVE-2022-36893 Vulnerability in maven package org.jenkins-ci.plugins:rpmsign-plugin

CVE-2019-19703 Vulnerability in maven package io.ktor:ktor-client-core

CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_3

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Mailing List Third Party Advisory Release Notes Vendor Advisory NVD-CWE-noinfo