Rewterz Threat Advisory – CVE-2020-5666 – ICS:Mitsubishi Electric MELSEC iQ-R Series Denial of Service Vulnerability
November 16, 2020Rewterz Threat Advisory – Multiple RCE Flaws in Cisco Security Manager
November 17, 2020Rewterz Threat Advisory – CVE-2020-5666 – ICS:Mitsubishi Electric MELSEC iQ-R Series Denial of Service Vulnerability
November 16, 2020Rewterz Threat Advisory – Multiple RCE Flaws in Cisco Security Manager
November 17, 2020Severity
Medium
Analysis Summary
CVE-2020-8277
Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS request for a host of their choice resulting in a denial of service.
Impact
Denial of service
Affected Vendors
NodeJs
Affected Products
- Upgrade to the latest version of Node.js (12.19.1
- 14.15.1 or 15.2.1 or later)
- Node.js Node.js 12
- Node.js Node.js 14.0
- Node.js Node.js 15.0
Remediation
Upgrade to the latest version of Node.js (12.19.1, 14.15.1 or 15.2.1 or later).