WordPress WP Statistics plugin <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header vulnerability

Unauthenticated Stored Cross-Site Scripting via User-Agent Header vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Statistics versions = 14.15.4...

BIT-NODE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

OESA-2021-1058 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Security fix for the ALT Linux 9 package node version 14.15.4-alt1

Feb. 5, 2021 Vitaly Lipatov 14.15.4-alt1 - new version 14.15.4 with rpmrb script - CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference High - CVE-2020-8265: use-after-free in TLSWrap High - CVE-2020-8287: HTTP Request Smuggling in nodejs Low...

Security fix for the ALT Linux 10 package node version 14.15.4-alt1

Feb. 5, 2021 Vitaly Lipatov 14.15.4-alt1 - new version 14.15.4 with rpmrb script - CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference High - CVE-2020-8265: use-after-free in TLSWrap High - CVE-2020-8287: HTTP Request Smuggling in nodejs Low...

ALPINE-CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

PT-2021-2037 · Node.Js +8 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 10.23.1 Node.js versions prior to 12.20.1 Node.js versions prior to 14.15.4 Node.js versions prior to 15.5.1 Description: The issue is related to a use-after-free bug in the TLS implementation of Node.js. When writin...