Description

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/07/18/1

https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3

Related Vulnerabilities

CVE-2020-10689 Vulnerability in maven package org.eclipse.che.infrastructure:infrastructure-kubernetes

CVE-2021-44832 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-lite

CVE-2021-39148 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2019-10417 Vulnerability in maven package io.fabric8.pipeline:kubernetes-pipeline-devops-steps

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Mailing List Third Party Advisory Release Notes Vendor Advisory NVD-CWE-noinfo