Denial of Service through DNS request Discovered in Node JS (CVE-2020-8277)

The Backend Engineering Show with Hussein Nasser - En podcast af Hussein Nasser

Kategorier:

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses. (CVE-2020-8277)  I discuss this attack in this video and whether you should fix it.  Impacts: * Versions 12.16.3 and higher on the 12.x release line * Versions 14.13.0 and higher on the 14.x release line * All versions of the 15.x release line   Resources https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#:~:text=Denial%20of%20Service%20through%20DNS,a%20larger%20number%20of%20responses. Code Fix  https://github.com/nodejs/node/commit/022899e1d5

Visit the podcast's native language site