Description

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Remediation

References

https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3

http://www.openwall.com/lists/oss-security/2022/07/18/1

Related Vulnerabilities

CVE-2022-26884 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server

CVE-2020-11022 Vulnerability in maven package org.fujion.webjars:jquery

CVE-2021-29451 Vulnerability in maven package com.manydesigns:portofino-core

CVE-2023-24422 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2020-24590 Vulnerability in maven package org.wso2.carbon.governance:org.wso2.carbon.governance.generic

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Mailing List Release Notes Vendor Advisory Third Party Advisory NVD-CWE-noinfo