CVE-2022-36127

EUVD-2022-6291
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
apacheskywalking_nodejs_agent
𝑥
< 0.5.1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2022/07/18/1
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3
http://www.openwall.com/lists/oss-security/2022/07/18/1
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3