Recently, Node.js officially released a security update to fix a denial of service vulnerability (CVE-2020-8277). Attackers can trigger a denial of service attack through DNS requests.
The vulnerable version of the Node.js application allows an attacker to trigger a DNS request on a host of its choice. The attacker can trigger a denial of service by making the application resolve DNS records with a large number of responses.
- Versions 12.16.3 and higher on the 12.x release line
- Versions 14.13.0 and higher on the 14.x release line
- All versions of the 15.x release line
- Node.js v12.19.1
- Node.js v14.15.1
- Node.js v15.2.1
In this regard, we recommend that users upgrade Node.js to the latest version in time.