CVE-2022-36127

Severity: 7.5 HIGH (CVSS v3.x base score; availability impact only)

📋 TL;DR

A denial-of-service vulnerability in the Apache SkyWalking NodeJS Agent before version 0.5.1 causes NodeJS services that have the agent installed to become unavailable when the OAP (Observability Analysis Platform) backend is unhealthy and the agent cannot establish a connection to it. No attacker-supplied input to the instrumented service is involved: the failure lies in the agent's own connection handling, so an unreachable OAP takes the monitored application down with it. Any NodeJS service using an affected agent version for application performance monitoring is exposed.

💻 Affected Systems

Products:
  • Apache SkyWalking NodeJS Agent (npm package skywalking-backend-js)
Versions: All versions prior to 0.5.1
Operating Systems: Any OS running NodeJS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where SkyWalking NodeJS Agent is installed and configured to connect to OAP.

📦 What is this software?

Apache SkyWalking is an open-source application performance monitoring (APM) and observability platform. The NodeJS agent is a library loaded into a Node.js process that instruments common frameworks and clients and reports traces and metrics to the SkyWalking backend, the OAP server, over gRPC. Because the agent runs inside the application's own process, a fault in the agent can take down the service it is supposed to observe.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unavailability of the NodeJS services that load the agent for as long as OAP connectivity is lost, with the corresponding service disruption and business impact.

🟠 Likely Case

Intermittent service unavailability during OAP maintenance windows, network problems between the service and OAP, or OAP failures.

🟢 If Mitigated

With the agent at 0.5.1 or later, an OAP outage only interrupts telemetry: the service keeps serving requests and loses nothing but trace data until OAP is reachable again. OAP high availability and monitoring then reduce how often even that happens.

🌐 Internet-Facing: MEDIUM - Exposure does not come from the service's own request surface; an internet-facing service goes down when its OAP connection fails, which an outsider can only bring about by disrupting OAP or the network path to it.
🏢 Internal Only: MEDIUM - Internal services are affected in exactly the same way, since the trigger is OAP reachability rather than client traffic.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No - there is no exploit against the agent itself; the trigger is OAP being unhealthy or unreachable.
Complexity: LOW - No authentication is involved, but an attacker would need the ability to take OAP down or cut the agent's network path to it; in practice the condition is reached far more often by ordinary OAP outages and maintenance than by an attacker.

Exploitation requires causing OAP unavailability or network disruption between agent and OAP.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.5.1

Vendor Advisory: https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3

Restart Required: Yes

Instructions:

1. Update the SkyWalking NodeJS Agent (skywalking-backend-js) to version 0.5.1 or later.
2. Restart all NodeJS services that load the agent; the agent runs in-process, so the new version is only picked up on restart.
3. Verify that agent connectivity to OAP is restored (traces from the service appear in the SkyWalking UI).

🔧 Temporary Workarounds

Implement OAP High Availability (all platforms)

Deploy OAP in a high-availability configuration (several OAP instances behind a load balancer or a DNS name) so that a single OAP failure does not leave the agent without a reachable backend. This reduces how often the condition is hit; it does not remove the vulnerability.

Network Resilience Configuration (all platforms)

The `agent.config.timeout` / `agent.config.max_retries` keys quoted in some write-ups of this CVE are not documented options of the NodeJS agent, which is configured through the options passed to `agent.start()` and the matching `SW_AGENT_*` environment variables; do not rely on them. The agent's connection and retry handling is exactly what 0.5.1 fixes, so there is no configuration-only equivalent of the patch. What you can do is make sure the collector address the agent is given points at a monitored, highly available endpoint rather than a single OAP instance.

🧯 If You Can't Patch

  • Monitor OAP health closely and have a rapid response procedure for OAP failures, since the agent turns an OAP outage into an application outage.
  • Be ready to temporarily disable the agent in critical services if OAP becomes unavailable: the agent is activated by the `agent.start()` call in the application's startup code, so removing that call and restarting the service runs it without instrumentation until OAP is healthy again.

🔍 How to Verify

Check if Vulnerable:

Check the installed version of the agent package (skywalking-backend-js). package.json only records a version range; the resolved version is in package-lock.json or under node_modules. Any version below 0.5.1 is vulnerable.

Check Version:

npm ls skywalking-backend-js (run from the service's project directory), or read node_modules/skywalking-backend-js/package.json.

Verify Fix Applied:

Confirm the installed version is 0.5.1 or higher, then test in a non-production environment by pointing the agent at an OAP address that is down (or stopping OAP) and confirming that the service keeps answering requests.

📡 Detection & Monitoring

Log Indicators:

  • Agent connection errors to OAP
  • Service unavailability logs coinciding with OAP connectivity issues

Network Indicators:

  • Increased failed connections to OAP port
  • Agent retry attempts to OAP

SIEM Query:

source="nodejs" AND ("SkyWalking" OR "OAP") AND ("connection failed" OR "unavailable")

(Splunk-style pseudo-query; adapt the source/field names and the message strings to the log format your agent version actually emits, and pair it with a threshold per time window so that a single reconnect warning does not page anyone.)

🔗 References

  • Apache SkyWalking security advisory: https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-36127
  • SkyWalking NodeJS agent repository: https://github.com/apache/skywalking-nodejs