Lucene search

382 matches found

OSV
added 2024/05/14 1:46 p.m., 1 view

CVE-2023-42955

Claris International has resolved an issue that could expose password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the sending of Admin Role passwords in the...

4.9 CVSS | 5.7 AI score | 0.0045 EPSS
Exploits 0 | References 1

CNNVD
added 2024/05/14 12:0 a.m., 1 view

Oceanic Security Vulnerability

Oceanic is a NodeJS library for interacting with Discord, open-sourced by Oceanic. A security vulnerability exists in Oceanic versions prior to 1.10.4, which stems from unsanitized user input that may result in URL path traversal...

6.5 CVSS | 6.5 AI score | 0.00551 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2024/05/06 12:0 a.m., 2 views

A vulnerability in xml-crypto, the XML digital signature and encryption library for Node.js, related to improper verification of cryptographic signatures, allows attackers to forge digital signatures.

The vulnerability in xml-crypto, the XML digital signature and encryption library for Node.js, is related to improper validation of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to forge digital signatures by inserting a newly created, specially crafted signature...

10 CVSS | 7.7 AI score | 0.00833 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2024/04/28 4:15 p.m., 2 views

UBUNTU-CVE-2024-33883

The ejs aka Embedded JavaScript templates package before 3.1.10 for Node.js lacks certain pollution protection...

4 CVSS | 7.2 AI score | 0.00614 EPSS
Exploits 1 | References 4

BDU FSTEC
added 2024/04/22 12:0 a.m., 2 views

The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (a type of HTTP Request Smuggling attack)...

6.4 CVSS | 6.8 AI score | 0.01155 EPSS
Exploits 0 | References 12 | Affected Software 13

BDU FSTEC
added 2024/04/19 12:0 a.m., 2 views

The vulnerability of the client HTTP/1.1 and the Node.js software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the HTTP/1.1 client and the Node.js software platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

4.6 CVSS | 7 AI score | 0.00673 EPSS
Exploits 0 | References 8 | Affected Software 4

CNNVD
added 2024/04/09 12:0 a.m., 2 views

Node.js Security Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.x, 20.x, and 21.x. The vulnerability stems from the fact that an attacker can make the server completely unavailable by sending a small number of HTTP/2 framed packets...

8.2 CVSS | 7.5 AI score | 0.87211 EPSS
Exploits 1 | References 5

RedHat Linux
added 2024/04/08 9:13 a.m., 1 view

nodejs: setuid() does not drop all privileges due to io_uring

A flaw was found in Node.js, where setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid()...

7.3 CVSS | 7.3 AI score | 0.00893 EPSS
Exploits 0 | References 4

RedHat Linux
added 2024/04/08 9:13 a.m., 3 views

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

7.5 CVSS | 7.1 AI score | 0.03168 EPSS
Exploits 0 | References 4

RedHat Linux
added 2024/04/08 8:54 a.m., 0 views

nodejs: code injection and privilege escalation through Linux capabilities

A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

7.8 CVSS | 7.2 AI score | 0.00562 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2024/04/06 12:0 a.m., 4 views

The vulnerability of the `node::http2::Http2Session::~Http2Session()` function in HTTP/2 server software for Node.js allows attackers to cause service failures.

The vulnerability of the `node::http2::Http2Session::~Http2Session()` function in HTTP/2 server-side software for Node.js is related to uncontrolled resource consumption due to incorrect handling of header termination when processing CONTINUATION frames. Exploiting this vulnerability can allow a...

5.3 CVSS | 7.2 AI score | 0.87211 EPSS
Exploits 1 | References 6 | Affected Software 3

Positive Technologies
added 2024/04/04 12:0 a.m., 3 views

PT-2024-2956 · Node.Js +3 · Undici +3

Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.4; Undici versions prior to 6.11.1. Description: The issue is related to insufficient access control in the Undici HTTP/1.1 client for Node.js, allowing a remote attacker to execute arbitrary code by altering the...

8.2 CVSS | 7.6 AI score | 0.87211 EPSS
Exploits 3 | References 64

BDU FSTEC
added 2024/03/22 12:0 a.m., 2 views

The vulnerability of the excalidraw package on the Node.js software platform arises from the lack of measures to sanitize input data, allowing attackers to execute XSS attacks.

The vulnerability of the excalidraw package on the Node.js software platform is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially created link...

6.4 CVSS | 6.3 AI score | 0.00475 EPSS
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2024/03/22 12:0 a.m., 2 views

The vulnerability of the node-ip utility in the Node.js software platform allows a hacker to execute arbitrary code.

The vulnerability of the node-ip utility in the Node.js software platform is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS | 7.1 AI score | 0.01613 EPSS
Exploits 1 | References 5 | Affected Software 7

RedHat Linux
added 2024/03/20 5:5 p.m., 1 view

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

7.5 CVSS | 7.1 AI score | 0.03168 EPSS
Exploits 0 | References 4

OSV
added 2024/03/19 5:15 a.m., 1 view

DEBIAN-CVE-2024-22025

A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...

6.5 CVSS | 6.8 AI score | 0.01309 EPSS
Exploits 0 | References 1

CNNVD
added 2024/03/19 12:0 a.m., 2 views

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.18.x, 20.4.x, and 21.x, which stems from the fact that setuid does not relinquish all privileges as a result of io_uring, allowing the process to perform privileged...

7.3 CVSS | 6.7 AI score | 0.00893 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2024/03/19 12:0 a.m., 2 views

The vulnerability of the url.parse() function in the Node.js module follow-redirects allows attackers to carry out phishing attacks.

The vulnerability of the url.parse function in the Node.js follow-redirects module is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a remote attacker to carry out phishing attacks...

7.5 CVSS | 6.7 AI score | 0.00797 EPSS
Exploits 1 | References 9 | Affected Software 20

BDU FSTEC
added 2024/03/04 12:0 a.m., 5 views

The vulnerability of the jsonpointer package on the Node.js software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the jsonpointer package in the Node.js software platform is related to errors in data type conversion. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS | 8.1 AI score | 0.0261 EPSS
Exploits 1 | References 6 | Affected Software 3

BDU FSTEC
added 2024/02/29 12:0 a.m., 1 view

The vulnerability of the Node.js software platform, related to improper code generation management, allows a malicious actor to execute arbitrary code with elevated privileges.

The vulnerability of the Node.js software platform is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with elevated privileges during exception handling for the CAP_NET_BIND_SERVICE privilege...

10 CVSS | 7.4 AI score | 0.00562 EPSS
Exploits 0 | References 8 | Affected Software 3