CVE-2022-36127

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3", "name": "https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2022/07/18/1", "name": "[oss-security] 20220718 CVE-2022-36127: Apache SkyWalking NodeJS Agent: Service unavailability impact in NodeJS agent(version <= 0.5.0)", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-36127", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-07-18T12:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:skywalking:*:*:*:*:*:node.js:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.5.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-07-25T18:07Z"}