
Timur Shemsedinov

#34558 of 53,638
7.5 Total CVSS
Vulnerabilities · 1
PT-2019-17837
7.5
2018-05-25
Node.Js · Node.Js · CVE-2019-5739
**Name of the Vulnerable Software and Affected Versions**

Node.js versions prior to 6.17.0

**Description**

The issue allows HTTP and HTTPS connections to remain open and inactive for an extended period, which can be exploited as a potential Denial of Service (DoS) attack vector. This behavior is due to the lack of a dedicated timeout setting in affected versions. The estimated number of potentially affected devices worldwide is not specified.

**Recommendations**

For Node.js versions prior to 6.17.0, consider introducing a timeout setting, such as `server.keepAliveTimeout`, to mitigate the risk of Denial of Service (DoS) attacks, ideally setting it to a default of 5 seconds as introduced in later versions.