VYPR

Node Opcua

by Node Opcua

Source repositories

CVEs (4)

  • CVE-2024-57086HigFeb 5, 2025
    risk 0.49cvss 7.5epss 0.00

    A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2022-24375HigAug 24, 2022
    risk 0.42cvss 7.5epss 0.01

    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

  • CVE-2022-25231HigAug 23, 2022
    risk 0.42cvss 7.5epss 0.01

    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.

  • CVE-2022-21208HigAug 23, 2022
    risk 0.42cvss 7.5epss 0.01

    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of…