SUSE CVE · added 2023/08/11 2:13 a.m.

SUSE CVE-2023-32005

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.statfs API. As a result...

CVSS 3.7 · AI score 9.1 · EPSS 0.01191 · Exploits 1 · References 3
SUSE CVE · added 2023/08/11 2:13 a.m.

SUSE CVE-2023-32004

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs, allowing a path traversal to bypass the checks that verify file permissions. This vulnerability affects all users using th...

CVSS 7.1 · AI score 8.8 · EPSS 0.01817 · Exploits 0 · References 4
SUSE CVE · added 2023/08/11 2:13 a.m.

SUSE CVE-2023-32558

The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...

CVSS 7.5 · AI score 9.1 · EPSS 0.01481 · Exploits 1 · References 3
CNNVD · added 2023/08/09 12:00 a.m.

Node.js path traversal vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from allowing an attacker to bypass the permission model via path traversal using the process.binding API...

CVSS 7.5 · AI score 6.9 · EPSS 0.01481 · Exploits 1 · References 3
Positive Technologies · added 2023/07/27 12:00 a.m.

PT-2023-26484 · Node.Js · Sails

Name of the Vulnerable Software and Affected Versions: Sails versions prior to 1.5.7. Description: Sails is a realtime MVC Framework for Node.js. An attacker can send a virtual request that will cause the node process to crash. Recommendations: For versions prior to 1.5.7, update to version 1.5.7 ...

CVSS 7.5 · AI score 7.4 · EPSS 0.0076 · Exploits 0 · References 12
RedHat Linux · added 2023/06/29 8:07 p.m.

engine.io: Specially crafted HTTP request can trigger an uncaught exception

A flaw was found in engine.io. Socket.IO's Engine.IO is vulnerable to a denial of service caused by an uncaught exception. By sending a specially crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service...

CVSS 7.1 · AI score 5.8 · EPSS 0.01939 · Exploits 1 · References 4
CNNVD · added 2023/06/29 12:00 a.m.

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. Node.js has a security vulnerability that stems from the ability to bypass policy mechanisms...

CVSS 7.5 · AI score 7.5 · EPSS 0.0105 · Exploits 0 · References 6
SUSE CVE · added 2023/06/22 2:38 a.m.

SUSE CVE-2023-30582

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a...

CVSS 5.3 · AI score 8.8 · EPSS 0.0058 · Exploits 0 · References 3
Positive Technologies · added 2023/06/20 12:00 a.m.

PT-2023-4496 · Node.Js +7

Name of the Vulnerable Software and Affected Versions: Node.js versions v16, v18, and v20. Description: The issue is related to the use of __proto__ in process.mainModule.__proto__.require, which can bypass the policy mechanism and allow requiring modules outside of the policy.json definition. This...

CVSS 9.8 · AI score 6.2 · EPSS 0.87211 · Exploits 5 · References 203
Positive Technologies · added 2023/06/07 12:00 a.m.

PT-2023-24680 · Zxcvbn-Ts

Name of the Vulnerable Software and Affected Versions: zxcvbn-ts versions prior to 3.0.2. Description: This issue affects users running on the NodeJS platform who are using the second argument of the zxcvbn function. It can result in unbounded resource consumption as the user inputs array is...

CVSS 7.5 · AI score 7.4 · EPSS 0.00496 · Exploits 0 · References 5
Fedora · added 2023/05/26 1:52 a.m.

[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

AI score 7.4 · Exploits 0
RedHat Linux · added 2023/05/09 11:51 a.m.

Node.js: Fetch API did not protect against CRLF injection in host headers

A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection...

CVSS 6.5 · AI score 7.2 · EPSS 0.01129 · Exploits 1 · References 4
RedHat Linux · added 2023/04/12 3:04 p.m.

Node.js: insecure loading of ICU data through ICU_DATA environment variable

An untrusted search path vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search for and potentially load ICU data when running with elevated privileges...

CVSS 4.2 · AI score 7.2 · EPSS 0.00471 · Exploits 0 · References 4
OSV · added 2023/03/16 3:15 p.m.

DEBIAN-CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 6.1 · AI score 6.3 · EPSS 0.00719 · Exploits 1 · References 1
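The entry above describes a client whose SSRF mitigation held for the first request but not for a redirect that changed scheme. The example below is added here and is not code from the `request` package or from Node.js: it shows a redirect follower that re-applies the same destination check to every hop, so a change from HTTPS to HTTP (or back) cannot route the client into a loopback or private address. The `fetchHop` callback, the `attacker.example` host and the `ATTACKER_HOPS` table are constructed stand-ins for the network, not real endpoints.

```javascript
// Added example: validate every redirect hop, including cross-protocol hops,
// with the same SSRF rule used for the initial request. Not from `request`.

// Loopback, RFC 1918, link-local and the unspecified address (constructed list,
// not exhaustive; production code should resolve and check the IP as well).
const PRIVATE_HOST = /^(localhost|127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|172\.(1[6-9]|2\d|3[01])\.\d+\.\d+|169\.254\.\d+\.\d+|0\.0\.0\.0|\[::1\])$/i;
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// The single destination rule: only http/https, and never a private host.
function isAllowedTarget(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // unparsable URL is rejected, not guessed at
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return false;
  if (PRIVATE_HOST.test(url.hostname)) return false;
  return true;
}

// Follows redirects returned by `fetchHop(url) -> { status, location }`.
// The check runs before *each* request, so a scheme change on a redirect
// does not create a hop that skips the SSRF rule.
function followRedirects(startUrl, fetchHop, maxHops = 5) {
  const chain = [startUrl];
  let current = startUrl;
  for (let i = 0; i <= maxHops; i++) {
    if (!isAllowedTarget(current)) {
      return { ok: false, reason: 'blocked', chain };
    }
    const resp = fetchHop(current);
    const isRedirect = resp.status >= 300 && resp.status < 400 && resp.location;
    if (!isRedirect) return { ok: true, final: current, chain };
    // Resolve relative Location values against the current URL.
    const next = new URL(resp.location, current).href;
    chain.push(next);
    current = next;
  }
  return { ok: false, reason: 'too many redirects', chain };
}

// Constructed attacker server: an HTTPS start URL that redirects (cross-protocol)
// to a plain-HTTP loopback service. A client that only checked the first URL
// would reach 127.0.0.1.
const ATTACKER_HOPS = {
  'https://attacker.example/start': { status: 302, location: 'http://127.0.0.1:8080/internal' },
  'http://127.0.0.1:8080/internal': { status: 200 },
};
const attackerFetch = (url) => ATTACKER_HOPS[url] ?? { status: 404 };
```

The hostname pattern is deliberately the weakest part of this check: it does not catch a public name that resolves to a private address, or DNS rebinding between validation and connect. The durable fix is to apply the same rule at the socket level (a custom `lookup`/agent that rejects private IPs), and to make sure that agent is carried across every redirect, scheme change included.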
SUSE CVE · added 2023/02/21 1:59 a.m.

SUSE CVE-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions feature (https://nodejs.org/api/permissions.html) in Node.js and access non-authorized modules by using process.mainModule.require. This only...

CVSS 6.3 · AI score 7.9 · EPSS 0.02023 · Exploits 0 · References 14
SUSE CVE · added 2023/02/21 1:59 a.m.

SUSE CVE-2023-23920

An untrusted search path vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search for and potentially load ICU data when running with elevated privileges...

CVSS 7.1 · AI score 6.9 · EPSS 0.00471 · Exploits 0 · References 15
OSV · added 2023/02/16 6:15 p.m.

AZL-13604 CVE-2023-23936 affecting package nodejs for versions less than 16.19.1-1

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect the host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

CVSS 5.4 · AI score 6.7 · EPSS 0.01129 · Exploits 1 · References 1
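Both the Node.js fetch entry (CVE-2023-23936 in the fetch API) and the undici entry above come down to the same wire-level problem: a Host value containing CR/LF is copied verbatim into the HTTP/1.1 request head, where the line breaks become new headers or even a second request. The undici advisory's workaround is to sanitize `headers.host` before passing it in. The example below is added here and is not code from undici or Node.js; it shows a naive serializer that reproduces the injection, and the validation a caller can put in front of it. `INJECTED_HOST` is a constructed malicious value.

```javascript
// Added example: reject CR/LF in a Host header before it is serialized.
// Not from undici or Node.js; the serializer is a deliberately naive model of
// how an HTTP/1.1 client writes a request head.

// hostname[:port] and bracketed IPv6 literal[:port]; anything else is rejected.
const HOST_TOKEN = /^[A-Za-z0-9.\-]+(?::\d{1,5})?$/;
const IPV6_LITERAL = /^\[[0-9A-Fa-f:.]+\](?::\d{1,5})?$/;

function isSafeHost(host) {
  if (typeof host !== 'string' || host.length === 0 || host.length > 255) return false;
  // CR, LF or NUL in a header value is header injection / response splitting.
  if (/[\r\n\0]/.test(host)) return false;
  return HOST_TOKEN.test(host) || IPV6_LITERAL.test(host);
}

// Naive request-head serializer: joins name/value pairs with CRLF and trusts
// the caller. This is the behaviour the advisories describe.
function buildRequestHead(method, path, headers) {
  const lines = [`${method} ${path} HTTP/1.1`];
  for (const [name, value] of Object.entries(headers)) {
    lines.push(`${name}: ${value}`);
  }
  return lines.join('\r\n') + '\r\n\r\n';
}

// Hardened wrapper: the same serializer, behind the Host check.
function safeRequestHead(method, path, headers) {
  if (!isSafeHost(headers.host)) {
    throw new TypeError('invalid Host header');
  }
  return buildRequestHead(method, path, headers);
}

// Constructed attacker-controlled value: a valid-looking host followed by an
// injected header, an empty line that ends the head, and a smuggled request.
const INJECTED_HOST =
  'example.com\r\nX-Injected: 1\r\n\r\nGET /admin HTTP/1.1\r\nHost: internal';
```

Running `buildRequestHead('GET', '/', { host: INJECTED_HOST })` produces a head in which `X-Injected: 1` is its own header line and `GET /admin HTTP/1.1` follows the blank line, which is exactly the splitting the advisories warn about; `safeRequestHead` with the same input throws instead. The check is on the caller's side only as a workaround; the real fix is the client validating every header value it writes, which is what the patched versions do.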
SUSE CVE · added 2023/02/15 5:49 a.m.

SUSE CVE-2011-5037

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js...

CVSS 5 · AI score 6.8 · EPSS 0.01529 · Exploits 0 · References 4
SUSE CVE · added 2023/02/15 5:35 a.m.

SUSE CVE-2013-4450

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response...

CVSS 5 · AI score 7.4 · EPSS 0.3722 · Exploits 3 · References 3