CVE-2022-36127

Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header in npm/skywalking-backend-js

Identifiers

GHSA-8gpg-466c-5cpj, CVE-2022-36127

Package Slug

npm/skywalking-backend-js

Vulnerability

Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header

Description

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

Affected Versions

All versions before 0.5.1

Solution

Upgrade to version 0.5.1 or above.

Last Modified

2022-08-09

source