node-opcua DoS when bypassing limitations for excessive memory consumption
- Severity: High
Description
Versions of the node-opcua package before 2.74.0 are vulnerable to Denial of Service (DoS): the limitations intended to prevent excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Recommendation
Update the node-opcua package to the latest compatible version. Version details:
- Affected version(s): < 2.74.0
- Patched version(s): 2.74.0
- Tags: npm, node-opcua
Last updated on January 30, 2023