Trevor Norris

**Name of the Vulnerable Software and Affected Versions** Node.js versions prior to 6.15.0 Node.js versions prior to 8.14.0 Node.js versions prior to 10.14.0 Node.js versions prior to 11.3.0 **Description** The issue allows for a Denial of Service with large HTTP headers. By using a combination of many requests with maximum sized headers, and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. The attack potential is mitigated by the use of a load balancer or other proxy layer. **Recommendations** For versions prior to 6.15.0, update to version 6.15.0 or later. For versions prior to 8.14.0, update to version 8.14.0 or later. For versions prior to 10.14.0, update to version 10.14.0 or later. For versions prior to 11.3.0, update to version 11.3.0 or later.