VDB

CVE-2020-8277

CVE-2020-8277 PUBLISHED CVSS 8.699999809265137 HIGH

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

EPSS 58.88% · 98.3th percentile

Risk Scores

CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
58.88%
98.3th percentile

Affected Products

VendorProductVersions
Bitnaminode-min14.13.0, 12.16.3, 15.0.0
Bitnaminode15.0.0, 14.13.0, 12.16.3
Bitnaminode-min12.16.3, 15.0.0, 14.13.0
Bitnaminode12.16.3, 15.0.0, 14.13.0

Exploit Intelligence

…and 44 more exploits

Timeline

  • CVE Published
  • Dec 16, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jul 21, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 20, 2022 EPSS Score
  • Feb 8, 2024 PoC Published
  • Mar 17, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Mar 22, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›