{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T17:19:48.654","vulnerabilities":[{"cve":{"id":"CVE-2024-22025","sourceIdentifier":"support@hackerone.com","published":"2024-03-19T05:15:10.267","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.\nThe vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL.\nAn attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en Node.js, que permite un ataque de denegación de servicio (DoS) por agotamiento de recursos cuando se utiliza la función fetch() para recuperar contenido de una URL que no es de confianza. La vulnerabilidad surge del hecho de que la función fetch() en Node.js siempre decodifica Brotli, lo que hace posible que un atacante provoque el agotamiento de los recursos al recuperar contenido de una URL que no es de confianza. Un atacante que controle la URL pasada a fetch() puede aprovechar esta vulnerabilidad para agotar la memoria, lo que podría provocar la terminación del proceso, según la configuración del sistema."}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"references":[{"url":"https://hackerone.com/reports/2284065","source":"support@hackerone.com"},{"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html","source":"support@hackerone.com"},{"url":"https://security.netapp.com/advisory/ntap-20240517-0008/","source":"support@hackerone.com"},{"url":"https://hackerone.com/reports/2284065","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20240517-0008/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}