CVE-2022-36127
CVE-2022-36127 is a high-severity vulnerability in Apache Skywalking Nodejs Agent with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- EPSS exploit prediction: 2% (73rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Apache Skywalking Nodejs Agent
- Published:
- Last modified:
Description
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.
Frequently asked questions
- What is CVE-2022-36127?
- A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.
- How severe is CVE-2022-36127?
- CVE-2022-36127 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2022-36127 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (73rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-36127?
- CVE-2022-36127 affects Apache Skywalking Nodejs Agent. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-36127?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2022-36127 published?
- CVE-2022-36127 was published on 2022-07-18 and last updated on 2026-06-17.
References
- http://www.openwall.com/lists/oss-security/2022/07/18/1
- https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3
Affected products (1)
- cpe:2.3:a:apache:skywalking_nodejs_agent:*:*:*:*:*:node.js:*:*