A flaw was found in all versions of Node.js 9.x and 10.x. An attacker can cause a denial of service (DoS) by crashing a Node.js process that provides an HTTP server supporting TLS. This can be accomplished by sending duplicate/unexpected messages during the handshake.
Created nodejs tracking bugs for this issue:
Affects: epel-all [bug 1591021]
Affects: fedora-all [bug 1591019]
RHOAR NodeJS 10.4.1 has already been released with a fix for this issue.
This issue doesn't affect NodeJS 6 or 0.10, used by openshift-enterprise-10/logging-kibana and logging-auth-proxy respectively.