Resource Exhaustion Affecting nodejs-current package, versions <11.3.0-r0


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
41.29% (99th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALPINE324-NODEJSCURRENT-17301640
  • published11 Jun 2026
  • disclosed28 Nov 2018

Introduced: 28 Nov 2018

CVE-2018-12122  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

Upgrade Alpine:3.24 nodejs-current to version 11.3.0-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream nodejs-current package and not the nodejs-current package as distributed by Alpine. See How to fix? for Alpine:3.24 relevant fixed versions and status.

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

CVSS Base Scores

version 3.1