Description

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/07/18/1

https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3

Related Vulnerabilities

CVE-2020-7690 Vulnerability in maven package org.webjars.npm:jspdf

CVE-2022-45396 Vulnerability in maven package com.thalesgroup.hudson.plugins:sourcemonitor

CVE-2021-21641 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds

CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources

CVE-2019-10329 Vulnerability in maven package org.jenkins-ci.plugins:influxdb

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Mailing List Third Party Advisory Release Notes Vendor Advisory NVD-CWE-noinfo