CVE-2020-27543 — Denial of Service (DoS) in restify-paginate

Description

The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.

How to fix CVE-2020-27543

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

npm/restify-paginate—no fix listed

Is CVE-2020-27543 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 0.0.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-27543
WEBgithub.com/paulvarache/restify-paginate
WEBgithub.com/secoats/cve/tree/master/CVE-2020-27543_dos_restify-paginate
WEBsecurity.netapp.com/advisory/ntap-20210401-0002
WEB