November 26, 2020

CVE-2020-8277: Node.js Denial of Service Vulnerability Alert

1 min read
Recently, Node.js officially released a security update to fix a denial of service vulnerability (CVE-2020-8277). Attackers can trigger a denial of service attack through DNS requests.
Node.js LTS

Vulnerability Detail

The vulnerable version of the Node.js application allows an attacker to trigger a DNS request on a host of its choice. The attacker can trigger a denial of service by making the application resolve DNS records with a large number of responses.

Affected version

  • Versions 12.16.3 and higher on the 12.x release line
  • Versions 14.13.0 and higher on the 14.x release line
  • All versions of the 15.x release line

Unaffected version

  • Node.js v12.19.1
  • Node.js v14.15.1
  • Node.js v15.2.1

Solution

In this regard, we recommend that users upgrade Node.js to the latest version in time.