{"id":"MGASA-2014-0007","summary":"Updated nodejs package fixes security vulnerabilities","details":"A denial of service flaw was found in the way Node.js handled pipelined\nHTTP requests. A remote attacker could use this flaw to send an excessive\namount of HTTP requests over a network connection, causing Node.js to use\nan excessive amount of memory and possibly exit when all available memory\nis exhausted (CVE-2013-4450).\n\nDenial of service issues in the bundled v8 JavaScript library\n(CVE-2013-6639, CVE-2013-6640).\n","modified":"2026-04-16T06:24:28.218377088Z","published":"2014-01-06T01:20:19Z","upstream":["CVE-2013-4450","CVE-2013-6639","CVE-2013-6640"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0007.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11981"},{"type":"WEB","url":"http://blog.nodejs.org/2013/10/22/cve-2013-4450-http-server-pipeline-flood-dos/"},{"type":"WEB","url":"http://blog.nodejs.org/2013/12/19/node-v0-10-24-stable/"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1842.html"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nodejs?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.24-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0007.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}