First published: Wed Jul 05 2023
Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By accessing public key info of provided certificates from user code, an attacker could exploit this vulnerability to force interruptions of application processing and cause a denial of service.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nodejs Node.js | >=16.0.0<16.20.1 | |
Nodejs Node.js | >=18.0.0<18.16.1 | |
Nodejs Node.js | >=20.0.0<20.3.1 | |
IBM Cognos Analytics | <=12.0.0-12.0.1 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 | |
IBM Cognos Analytics | <=11.1.1-11.1.7 FP7 | |
ubuntu/nodejs | <18.13.0+dfsg1-1ubuntu2.2 | 18.13.0+dfsg1-1ubuntu2.2 |
debian/nodejs | <=18.13.0+dfsg1-1 | 10.24.0~dfsg-1~deb10u1, 10.24.0~dfsg-1~deb10u4, 12.22.12~dfsg-1~deb11u4, 18.19.0+dfsg-6~deb12u1, 18.20.1+dfsg-4, 20.13.1+dfsg-1 |
The vulnerability ID for this Node.js vulnerability is CVE-2023-30588.
The title of this vulnerability is 'Node.js is vulnerable to a denial of service caused by invalid public key information in x509 certificates.'
The severity of CVE-2023-30588 is medium with a severity score of 5.3.
This vulnerability could be exploited by accessing public key info of provided certificates to force interruptions of application processing and cause a denial of service.
To fix this vulnerability, update your Node.js installation to the latest version available.
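A version check against the Node.js ranges in the table above, as an added example that is not part of the original advisory or of the Node.js project. The function names and the startup-guard idea are assumptions for illustration; the ranges are copied from the table's Node.js rows.

```javascript
'use strict';

// Node.js rows of the affected-version table on this page, in its notation.
const AFFECTED_RANGES = ['>=16.0.0<16.20.1', '>=18.0.0<18.16.1', '>=20.0.0<20.3.1'];

// "v18.16.0" or "18.16.0" -> [18, 16, 0]; pre-release/build suffixes are ignored.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(text).trim());
  if (!m) throw new TypeError(`not a version: ${text}`);
  return m.slice(1).map(Number);
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// ">=A<B" -> { min: A (inclusive), max: B (exclusive) }.
function parseRange(range) {
  const m = /^>=(\S+?)<(\S+)$/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  return { min: parseVersion(m[1]), max: parseVersion(m[2]) };
}

// True when the version falls inside one of the listed ranges. False only
// means "not listed on this page" (e.g. release lines the table omits).
function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED_RANGES.map(parseRange).some(
    ({ min, max }) => compareVersions(v, min) >= 0 && compareVersions(v, max) < 0
  );
}

// Hypothetical startup guard for services that read public key info from
// certificates they did not issue: refuse to start on a listed version.
function assertNotAffected(version = process.version) {
  if (isAffected(version)) {
    throw new Error(`Node.js ${version} is in a range listed for CVE-2023-30588`);
  }
  return version;
}
```

Distribution packages (the ubuntu/debian rows) carry backported fixes under their own version strings, so check those against the package version rather than `process.version`.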