CVE-2017-11499

Name of the Vulnerable Software and Affected Versions Node.js versions 4.0 through 4.8.3 Node.js versions 5.x Node.js versions 6.0 through 6.11.0 Node.js versions 7.0 through 7.10.0 Node.js versions 8.0 through 8.1.3

Description The issue allows for hash flooding remote Denial of Service (DoS) attacks due to the constant HashTable seed across a given released version of Node.js. This is caused by building with V8 snapshots enabled by default, which overwrites the initially randomized seed on startup.

Recommendations For Node.js versions 4.0 through 4.8.3, update to a version outside of this range to resolve the issue. For Node.js versions 5.x, update to a version outside of this range to resolve the issue. For Node.js versions 6.0 through 6.11.0, update to a version outside of this range to resolve the issue. For Node.js versions 7.0 through 7.10.0, update to a version outside of this range to resolve the issue. For Node.js versions 8.0 through 8.1.3, update to a version outside of this range to resolve the issue.