CVE-2022-36127 – skywalking-backend-js

Package

Manager: npm
Name: skywalking-backend-js
Vulnerable Version: >=0 <0.5.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.05156 pctl0.8949

Details

Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Metadata

Created: 2022-07-19T00:00:27Z
Modified: 2022-08-06T09:39:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-8gpg-466c-5cpj/GHSA-8gpg-466c-5cpj.json
CWE IDs: []
Alternative ID: GHSA-8gpg-466c-5cpj
Finding: F002
Auto approve: 1