DNS Request Amplification Denial of Service Vulnerability in Node.js

DNS Request Amplification Denial of Service Vulnerability in Node.js

CVE-2020-8277 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

Learn more about our Web Application Penetration Testing UK.