Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Max CVSS
7.5
EPSS Score
7.13%
Published
2017-10-30
Updated
2017-11-21
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
Max CVSS
7.5
EPSS Score
0.36%
Published
2017-10-10
Updated
2017-10-27
2 vulnerabilities found