CVE-2020-8251

HIGH

Node.js < 14.11.0 - DoS

Title source: llm

Description

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

References (5)

[Permissions Required] https://hackerone.com/reports/868834

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

[Vendor Advisory] https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

[Third Party Advisory] https://security.gentoo.org/glsa/202101-07

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20201009-0004/

Scores

CVSS v3 7.5

EPSS 0.0499

EPSS Percentile 89.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status published

Affected Products (2)

nodejs/node.js < 14.11.0

fedoraproject/fedora

Timeline

Published Sep 18, 2020

Tracked Since Feb 18, 2026