Denial of Service through DNS request Discovered in Node JS (CVE-2020-8277)
The Backend Engineering Show with Hussein Nasser - A podcast by Hussein Nasser
Categories:
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses. (CVE-2020-8277) I discuss this attack in this video and whether you should fix it. Impacts: * Versions 12.16.3 and higher on the 12.x release line * Versions 14.13.0 and higher on the 14.x release line * All versions of the 15.x release line Resources https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#:~:text=Denial%20of%20Service%20through%20DNS,a%20larger%20number%20of%20responses. Code Fix https://github.com/nodejs/node/commit/022899e1d5