The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.
References
Link | Resource |
---|---|
https://github.com/paulvarache/restify-paginate/ | Product Third Party Advisory |
https://github.com/secoats/cve/tree/master/CVE-2020-27543_dos_restify-paginate | Exploit Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210401-0002/ | Third Party Advisory |
https://www.npmjs.com/package/restify-paginate | Product Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Apr 2022, 14:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-755 | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210401-0002/ - Third Party Advisory | |
References | (MISC) https://github.com/paulvarache/restify-paginate/ - Product, Third Party Advisory | |
References | (MISC) https://www.npmjs.com/package/restify-paginate - Product, Third Party Advisory |
01 Apr 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Mar 2021, 21:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:restify-paginate_project:restify-paginate:0.0.5:*:*:*:*:node.js:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-610 | |
References | (MISC) https://github.com/secoats/cve/tree/master/CVE-2020-27543_dos_restify-paginate - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://www.npmjs.com/package/restify-paginate - Product | |
References | (MISC) https://github.com/paulvarache/restify-paginate/ - Third Party Advisory |
25 Feb 2021, 17:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-25 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-27543
Mitre link : CVE-2020-27543
CVE.ORG link : CVE-2020-27543
JSON object : View
Products Affected
restify-paginate_project
- restify-paginate
CWE
CWE-755
Improper Handling of Exceptional Conditions