Preface:
Who use Node JS?
Node.js build various applications such as social media apps, video and text chat engines, real-time tracking apps, online games and collaboration tools. CiscoDevNet has sample to guide the developer how to integrate integrate Webex with node.js.
Technology background:
Node.js is an open-source, cross-platform JavaScript run-time environment that executes JavaScript code outside of a browser.
Severity of impact:
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default. A debug menu or debug mode is a user interface implemented in a computer program that allows the user to view and/or manipulate the program’s internal state for the purpose of debugging.
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers
Severity – High severity
Node.js Official announcement for reference:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/