CVE-2020-27543
HIGHrestify-paginate 0.0.5 - Denial of Service via Missing HTTP Host Header
Title source: llmDescription
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.
References (4)
Core 4
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/paulvarache/restify-paginate/
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/secoats/cve/tree/master/CVE-2020-27543_dos_restify-paginate
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210401-0002/
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/restify-paginate
Scores
CVSS v3
7.5
EPSS
0.0259
EPSS Percentile
83.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-755
Status
published
Products (2)
npm/restify-paginate
0npm
restify-paginate_project/restify-paginate
0.0.5
Published
Feb 25, 2021
Tracked Since
Feb 18, 2026