js HTTP parser could be exploited to cause a denial of service or potentially execute arbitrary code on systems running an application server using Node.js 6.x through 8.x, either directly or via modules that use the HTTP parser, such as express (CVE-2018-7158).

– The flaw was patched in version 8.9 and later versions of Node.js; if you are still using older versions of this framework then it is time to update them immediately
https://t.co/BMGyEqWRAX