CVE-2022-36127

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
apacheskywalking
𝑥
< 0.5.1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2022/07/18/1
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3
http://www.openwall.com/lists/oss-security/2022/07/18/1
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3