CVE-2020-8251

Reference Links

• https://hackerone.com/reports/868834
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
• https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
• https://security.gentoo.org/glsa/202101-07
• https://security.netapp.com/advisory/ntap-20201009-0004/
• https://exchange.xforce.ibmcloud.com/vulnerabilities/188592
• https://www.ibm.com/support/pages/node/6412707 (Advisory)
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

Parent vulnerabilities

(Appears in the following advisories)

• IBM-6412707

Frequently Asked Questions

• What is CVE-2020-8251?

  CVE-2020-8251 is a vulnerability in Node.js that allows for HTTP denial of service (DoS) attacks based on delayed requests submission.

• What is the severity of CVE-2020-8251?

  The severity of CVE-2020-8251 is high (7.5).

• How does CVE-2020-8251 affect Node.js?

  CVE-2020-8251 affects Node.js versions prior to 14.11.0, making them vulnerable to denial of service attacks.

• How can an attacker exploit CVE-2020-8251?

  An attacker can exploit CVE-2020-8251 by sending delayed unfinished HTTP/1.1 requests, causing the server to be unable to accept new connections and exhaust all available resources.

• How can I fix CVE-2020-8251?

  To fix CVE-2020-8251, it is recommended to update Node.js to version 14.11.0 or higher, as this vulnerability has been patched in that version.