223 matches found
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...
Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes
Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js http-cache-semantics
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js http-cache-semantics. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial ...
Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Security Bulletin: Potential denial of service in IBM DataPower Gateway (CVE-2022-25881)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially-crafted regex input using request header values, ...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:1942-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1942-1 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sen...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2023:1923-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1923-1 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sen...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:1924-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1924-1 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request...
SUSE: Security Advisory (SUSE-SU-2023:1923-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:1876-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1876-1 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request...
SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2023:1875-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1875-1 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request...
HTTP Request Smuggling
slim/psr7 is vulnerable to Insecure Header Validation. The vulnerability exists in the validateHeaderName function in Headers.php, which allows an attacker to sneak in a newline \n into header names and values, potentially resulting in HTTP cache poisoning or phishing attacks...
SUSE SLES15 / openSUSE 15 Security Update : nodejs10 (SUSE-SU-2023:1871-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1871-1 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request...
Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)
Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...
CentOS 8 : nodejs:14 (CESA-2023:1743)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1743 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
ALSA-2023:1743 Important: nodejs:14 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.3. Security Fixes: decode-uri-component: improper input validation resulting i...
RHEL 8 : nodejs:14 (RHSA-2023:1742)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1742 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...