CVE-2020-27543 - The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service

CVE-2020-27543

Summary

The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.

References

https://www.npmjs.com/package/restify-paginate
https://github.com/secoats/cve/tree/master/CVE-2020-27543_dos_restify-paginate
https://github.com/paulvarache/restify-paginate/
https://security.netapp.com/advisory/ntap-20210401-0002/

Vulnerable Configurations

cpe:2.3:a:restify-paginate_project:restify-paginate:0.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:restify-paginate_project:restify-paginate:0.0.5:*:*:*:*:node.js:*:*

CVSS

Base:	5.0 (as of 08-04-2022 - 14:23)
Impact:
Exploitability:

CWE

CWE-755

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

Last major update

08-04-2022 - 14:23

Published

25-02-2021 - 17:15

Last modified

08-04-2022 - 14:23