RHSA-2019:2939HighCVSS 7.5

Red Hat Security Advisory: rh-nodejs10-nodejs security update

Published
October 1, 2019
Last Modified
June 27, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2018-12121 — nodejs: Denial of Service with large HTTP headers CVE-2018-12122 — nodejs: Slowloris HTTP Denial of Service CVE-2018-12123 — nodejs: Hostname spoofing in URL parser for javascript protocol CVE-2019-5737 — nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass CVE-2019-9511 — HTTP/2: large amount of data requests leads to denial of service CVE-2019-9512 — HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9513 — HTTP/2: flood using PRIORITY frames results in excessive resource consumption CVE-2019-9514 — HTTP/2: flood using HEADERS frames results in unbounded memory growth CVE-2019-9515 — HTTP/2: flood using SETTINGS frames results in unbounded memory growth CVE-2019-9516 — HTTP/2: 0-length headers lead to denial of service CVE-2019-9517 — HTTP/2: request for large response leads to denial of service CVE-2019-9518 — HTTP/2: flood using empty frames results in excessive resource consumption

🔗 References (11)