331 matches found
Node.js Denial of Service Vulnerability (CNVD-2018-11811)
Joyent Node.js is a web application platform from the US company Joyent, built on top of the Google V8 JavaScript engine. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...
CVE-2016-10623
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
DEBIAN-CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier, is vulnerable to Regular Expression Denial of Service via a specially crafted string...
Joyent Node.js atob Denial of Service Vulnerability
Joyent Node.js is a web application platform from the US company Joyent, built on top of the Google V8 JavaScript engine. atob is a module that uses Buffer to emulate the browser's atob functionality. A security vulnerability exists in atob 2.0.3 and earlier on Joyent Node.js 4.x an...
CVE-2016-10590
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker-controlled zip file if the attacker i...
Joyent Node.js ssri module denial of service vulnerability
Joyent Node.js is Joyent's web application platform built on top of Google's V8 JavaScript engine. ssri is a module used for parsing, manipulating, serializing, and verifying the integrity of sub-resources. A security vulnerability exists in the index.js file in the...
AZL-32178 CVE-2017-18214 affecting package reaper for versions less than 3.1.1-10
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
UBUNTU-CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
UBUNTU-CVE-2017-15897
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will...
GHSA-HWCF-PP87-7X6P mde ejs vulnerable to XSS
nodejs ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile, resulting in code injection...
nodejs ejs cross-site scripting vulnerability
nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A cross-site scripting vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.5. A remote attacker can exploit the vulnerability to inject code...
nodejs ejs remote code execution vulnerability
nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A remote code execution vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.3, which stems from weak input validation. A remote attacker could...
Node.js tough-cookie module denial of service vulnerability
Node.js is a JavaScript runtime environment based on the Chrome V8 engine. A security vulnerability in how the Node.js tough-cookie module handles HTTP requests that use a special cookie allows remote attackers to submit specially crafted requests that can crash an...
DEBIAN-CVE-2017-15010
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU...
UBUNTU-CVE-2017-15010
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU...
Haraka Remote Command Execution Vulnerability
Haraka is an open source SMTP server written in Node.js with a modular plug-in structure. It performs very well on high-traffic sites, serving thousands of services per second and sending thousands of messages. Haraka suffers from a remote command execution vulnerability. An attacker...
UBUNTU-CVE-2016-4055
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."...
DEBIAN-CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...
UBUNTU-CVE-2014-9772
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters...
UBUNTU-CVE-2015-8857
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten JavaScript...