Description
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.
References (2)
Core 2
Core References
Mailing List, Release Notes, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/07/18/1
Scores
CVSS v3
7.5
EPSS
0.0516
EPSS Percentile
90.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (2)
apache/skywalking_nodejs_agent
< 0.5.1
npm/skywalking-backend-js
0 - 0.5.1npm
Published
Jul 18, 2022
Tracked Since
Feb 18, 2026