其中,Node v11.3.0 (Current) 和 v10.14.0 (LTS) 除了将 OpenSSL 更新至 1.1.0j ,还修复了以下漏洞:
Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
展开
评论