Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking OnlineThousands of Prometheus servers lack proper authentication, risking data leakage, DoS, and remote code execution attacks due to their exposure on the internet.
IMPORTANT! Update Node.JS to 18.19.1, 20.11.1, 21.6.2 or newer!Sending specially crafted HTTP request leads to resource exhaustion and denial of service in older versions of Node.JS.The vulnerability involves lack of limitations on chunk extension bytes causing CPU and network bandwidth exhaustion.