Vulnerability Details : CVE-2022-36127
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.
Products affected by CVE-2022-36127
- cpe:2.3:a:apache:skywalking:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36127
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-36127
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2022-36127
-
http://www.openwall.com/lists/oss-security/2022/07/18/1
oss-security - CVE-2022-36127: Apache SkyWalking NodeJS Agent: Service unavailability impact in NodeJS agent(version <= 0.5.0)Mailing List;Third Party Advisory
-
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3
Apache SkyWalking NodeJS patch version 0.5.1 Released-Apache Mail ArchivesMailing List;Release Notes;Vendor Advisory
Jump to