Description

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/07/18/1

https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3

Related Vulnerabilities

CVE-2020-11022 Vulnerability in maven package org.webjars.bower:jquery

CVE-2020-28445 Vulnerability in npm package npm-help

CVE-2021-32851 Vulnerability in npm package mind-elixir

CVE-2021-21638 Vulnerability in maven package org.jenkins-ci.plugins:tfs

CVE-2022-36886 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Mailing List Third Party Advisory Release Notes Vendor Advisory NVD-CWE-noinfo