CVE-2018-12121

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 28, 2018

Updated: Dec 27, 2024

CWE ID 400

Summary

CVE-2018-12121 is a Denial of Service vulnerability affecting Node.js versions prior to 6.15.0, 8.14.0, 10.14.0, and 11.3.0. An attacker can exploit this issue by sending a large number of requests, each with maximum-sized headers, causing the HTTP server to abort due to heap allocation failure. The potential impact is reduced if a load balancer or other proxy layer is used.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nodejs Node.js
Red Hat Enterprise Linux
RedHat Enterprise Linux Server
Redhat Enterprise Linux Workstation

Affected Vendors

Red Hat
NODE JS

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/YS-Wbm
https://www.cve.org/CVERecord?id=CVE-2018-12121
https://nvd.nist.gov/vuln/detail/CVE-2018-12121

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners