GHSA-8gpg-466c-5cpj

Source

https://github.com/advisories/GHSA-8gpg-466c-5cpj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-8gpg-466c-5cpj/GHSA-8gpg-466c-5cpj.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-8gpg-466c-5cpj

Aliases

CVE-2022-36127

Published

2022-07-19T00:00:27Z

Modified

2023-11-01T04:59:32.720374Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header

Details

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Database specific

{
    "nvd_published_at": "2022-07-18T12:15:00Z",
    "github_reviewed_at": "2022-08-06T09:39:04Z",
    "cwe_ids": [],
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

npm / skywalking-backend-js

Package

Name: skywalking-backend-js; View open source insights on deps.dev
Purl: pkg:npm/skywalking-backend-js

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-8gpg-466c-5cpj/GHSA-8gpg-466c-5cpj.json"