PT-2018-11029 · Node.Js+3 · Node.Js+3

Jan Maybach

Published

2018-11-27

Updated

2026-05-18

CVE-2018-12122

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 6.15.0 Node.js versions prior to 8.14.0 Node.js versions prior to 10.14.0 Node.js versions prior to 11.3.0

Description The issue allows an attacker to cause a Denial of Service (DoS) by sending headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

Recommendations For versions prior to 6.15.0, update to version 6.15.0 or later. For versions prior to 8.14.0, update to version 8.14.0 or later. For versions prior to 10.14.0, update to version 10.14.0 or later. For versions prior to 11.3.0, update to version 11.3.0 or later.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2018-2749

BDU:2026-01429

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2018-12122

MGASA-2019-0277

OPENSUSE-SU-2019:0089-1

OPENSUSE-SU-2019_0088-1

OPENSUSE-SU-2019_0089-1

OPENSUSE-SU-2019_0234-1

RHSA-2019:1821

RHSA-2019:2939

SUSE-SU-2019:0117-1

SUSE-SU-2019:0118-1

SUSE-SU-2019:0395-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

USN-4796-1

Affected Products

Alt Linux

Node.Js

Suse

Ubuntu

PT-2018-11029 · Node.Js+3 · Node.Js+3

CVE-2018-12122

Weakness Enumeration

Related Identifiers

Affected Products

References · 438