CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.6%
A vulnerability in the Node.js software platform is related to insufficient data authentication.
Exploitation of the vulnerability could allow an attacker acting remotely to disable the validation of the
integrity
A vulnerability in the APIgenerateKeys() function of the Node.js software platform is related to a mismatch between the implementation and the documented design.
implementation and documented design. Exploitation of the vulnerability could allow an attacker,
acting remotely, to bypass existing security restrictions
Vulnerability in the WebAssembly module of the Node.js software platform is related to mismanagement of code generation.
code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary
commands
Vulnerability in the Node.js software platform, related to data encryption errors. Exploitation of the vulnerability
could allow a remote attacker to cause a denial of service
Vulnerability in Module._load() of the Node.js software platform, related to access control flaws.
access. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the imposed
security restrictions
Vulnerability in the process.mainModule.require() function of the Node.js software platform is related to authorization flaws.
authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their
privileges
Vulnerability of process.binding() module of Node.js software platform is related to authorization flaws.
access. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions.
security restrictions
HTTP/1.1 undici client vulnerability in the Node.js software platform is related to insufficient protection of service data.
service data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose
protected information
Vulnerability of module.constructor.createRequire() module of Node.js software platform is related to
access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the restrictions imposed on the module.constructor.createRequire().
remotely to bypass security restrictions
A vulnerability in the Node.js software platform is related to the use of an unreliable search path. Exploitation
exploitation of the vulnerability could allow an attacker to escalate privileges.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.6%