FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Node.js -- November 2020 Security Releases

Affected packages
node < 15.2.1
node14 < 14.15.1
node12 < 12.19.1

Details

VuXML ID ad792169-2aa4-11eb-ab71-0022489ad614
Discovery 2020-11-16
Entry 2020-11-21

Node.js reports:

Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues.

Denial of Service through DNS request (CVE-2020-8277)

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses.

References

CVE Name CVE-2020-8277
URL https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/