Lucene search

382 matches found

BDU FSTEC
added 2022/07/15 12:00 a.m., 1 view

The vulnerability of the providers.dll library in the Node.js software platform, related to HTTP request processing flaws, allows attackers to execute arbitrary code.

The vulnerability of the providers.dll library in the Node.js software platform is related to an uncontrolled search path during the loading of DLL libraries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.5, AI score 7, EPSS 0.01539
Exploits 1, References 4, Affected Software 1
OSV
added 2022/07/14 3:15 p.m., 1 view

ALPINE-CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)...

CVSS 6.5, AI score 7, EPSS 0.68796
Exploits 1, References 1
OSV
added 2022/07/14 3:15 p.m., 0 views

AZL-41051 CVE-2022-32213 affecting package rust for versions less than 1.75.0-1

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)...

CVSS 6.5, AI score 6.7, EPSS 0.34494
Exploits 1, References 1
ATTACKERKB
added 2022/07/14 3:15 p.m., 4 views

CVE-2022-32222

A cryptographic vulnerability exists in Node.js on Linux in versions of 18.x prior to 18.40.0, which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user, instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3...

CVSS 5.3, AI score 5.5, EPSS 0.01696
Exploits 1, References 5, Affected Software 1
CNNVD
added 2022/06/18 12:00 a.m., 2 views

got security vulnerability

got is a user-friendly and powerful HTTP request library for Node.js. A security vulnerability exists in versions of got prior to 12.1.0 that originates from allowing redirection to UNIX sockets...

CVSS 5.3, AI score 6.8, EPSS 0.01855
Exploits 0, References 13
RedHat Linux
added 2022/06/06 9:29 a.m., 3 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

CVSS 7.4, AI score 7.3, EPSS 0.08373
Exploits 0, References 5
OSV
added 2022/05/24 10:1 p.m., 2 views

GHSA-P84X-5XX8-HFF9 bson-objectid contains Improper input validation

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property into the user input, because bson-objectid will return early if it detects bsontype==ObjectID in the user input...

CVSS 7.5, AI score 7.2, EPSS 0.01085
Exploits 1, References 4
BDU FSTEC
added 2022/05/20 12:00 a.m., 3 views

The vulnerability of the Node-tar module in the Node.js library allows a hacker to write any files or execute any code.

The vulnerability of the Node-tar module in the Node.js library is related to insufficient checking of the path name to the restricted access directory. Exploiting this vulnerability could allow an attacker to write arbitrary files or execute arbitrary code...

CVSS 7.4, AI score 7.5, EPSS 0.01174
Exploits 0, References 8, Affected Software 4
CNNVD
added 2022/05/13 12:00 a.m., 3 views

convict security vulnerability

convict is a featured configuration management library for Node.js. A security vulnerability exists in convict versions prior to 6.2.3...

CVSS 9.8, AI score 8.3, EPSS 0.03722
Exploits 1, References 6
CNNVD
added 2022/05/04 12:00 a.m., 3 views

Node.js cross-site scripting vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in jquery.json-viewer version 1.4.0 and earlier versions for Node.js, which stems from failing to correctly escape characters (e.g., in a JSON object rendered inside a SCRIPT element)...

CVSS 6.1, AI score 6.2, EPSS 0.00669
Exploits 0, References 3
NCSC
added 2022/01/19 12:00 a.m., 3 views

Vulnerability fixed in Oracle Java SE and GraalVM Enterprise Edition

Oracle has fixed vulnerabilities in the following products: Java SE (JDK and JRE), GraalVM Enterprise Edition. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of...

CVSS 6.5, AI score 6.8, EPSS 0.08346
Exploits 1
Gitee
added 2021/12/27 4:5 p.m., 3 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...

AI score 8.2
Exploits 0
NCSC
added 2021/12/10 12:00 a.m., 3 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed vulnerabilities in software bundled with Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as node.js, OpenSSL and WebSphere Liberty. Previous security advisories have been published. A malicious party can exploit the...

CVSS 9.8, AI score 7.5, EPSS 0.50445
Exploits 2
PyPA
added 2021/11/23 12:15 a.m., 4 views

PYSEC-2021-862

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.4.2, Python versions prior to 1.6.1, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.3 did not verify the server certificate hostname during the TLS handshake when overriding Certificate Authorities (CA) in the...

CVSS 8.8, AI score 6.8, EPSS 0.00375
Exploits 0, References 6, Affected Software 1
BDU FSTEC
added 2021/10/15 12:00 a.m., 2 views

The vulnerability of the LLHTTP component of the NodeJS object manipulation software allows attackers to escalate their privileges.

The vulnerability of the LLHTTP component in the NodeJS object manipulation software lies in inconsistencies during the interpretation of HTTP request headers. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

CVSS 10, AI score 6.6, EPSS 0.02936
Exploits 1, References 5, Affected Software 2
BDU FSTEC
added 2021/10/15 12:00 a.m., 2 views

The vulnerability of the LLHTTP component in the NodeJS object manipulation software allows attackers to escalate their privileges.

The vulnerability of the LLHTTP component in the NodeJS object manipulation software lies in inconsistencies during the interpretation of HTTP request headers. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

CVSS 10, AI score 6.6, EPSS 0.02299
Exploits 1, References 5, Affected Software 2
RedHat Linux
added 2021/09/27 7:40 a.m., 4 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 9.8, AI score 7.3, EPSS 0.37286
Exploits 0, References 4
RedHat Linux
added 2021/09/22 8:55 a.m., 0 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 9.8, AI score 7.3, EPSS 0.37286
Exploits 0, References 4
BDU FSTEC
added 2021/09/20 12:00 a.m., 3 views

The vulnerability of the Got and Normalize-url libraries for Node.js, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Got and Normalize-url libraries for Node.js is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.5, AI score 7.4, EPSS 0.01705
Exploits 0, References 4, Affected Software 2
Elastic
added 2021/09/01 4:10 p.m., 3 views

Elastic Stack 7.14.1 Security Update

Kibana code execution issue (ESA-2021-21): It was discovered that a user with fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana...

CVSS 9.8, AI score 8, EPSS 0.21952
Exploits 3