skywalking-backend-js@0.1.0 vulnerabilities

The NodeJS agent for Apache SkyWalking

Direct Vulnerabilities

Known vulnerabilities in the skywalking-backend-js package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

skywalking-backend-js is a The NodeJS agent for Apache SkyWalking

Affected versions of this package are vulnerable to Denial of Service (DoS) which would cause NodeJS services that have this agent installed to be unavailable. This is exploitable if the header includes an illegal SkyWalking header like:

  1. OAP is unhealthy and the downstream service's agent can't establish the connection.

  2. Some sampling mechanism is activated in downstream agents.

How to fix Denial of Service (DoS)?

Upgrade skywalking-backend-js to version 0.5.1 or higher.

<0.5.1