382 matches found

OSV
added 2017/11/30 11:15 p.m., 0 views

GHSA-HWCF-PP87-7X6P mde ejs vulnerable to XSS

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...

CVSS 6.1 | AI score 6.4 | EPSS 0.01233
Exploits: 0 | References: 5

CNVD
added 2017/11/17 12:0 a.m., 1 views

nodejs ejs remote code execution vulnerability

nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A remote code execution vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.3, which stems from weak input validation. A remote attacker could...

CVSS 10 | AI score 8.2 | EPSS 0.06328
Exploits: 1 | References: 1

CNVD
added 2017/11/17 12:0 a.m., 1 views

nodejs ejs cross-site scripting vulnerability

nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A cross-site scripting vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.5. A remote attacker can exploit the vulnerability to inject code...

CVSS 6.1 | AI score 6.3 | EPSS 0.01233
Exploits: 0 | References: 1

CNVD
added 2017/10/09 12:0 a.m., 2 views

Node.js tough-cookie module denial of service vulnerability

Node.js is a JavaScript runtime environment based on the Chrome V8 engine. A security vulnerability in the Node.js tough-cookie module's handling of HTTP requests using a special COOKIE allows remote attackers to exploit the vulnerability to submit specially crafted requests that can crash an...

CVSS 7.5 | AI score 7.5 | EPSS 0.03283
Exploits: 0 | References: 1

OSV
added 2017/10/04 1:29 a.m., 1 views

DEBIAN-CVE-2017-15010

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU...

CVSS 7.5 | AI score 6.6 | EPSS 0.03283
Exploits: 0 | References: 1

OSV
added 2017/10/04 1:29 a.m., 0 views

UBUNTU-CVE-2017-15010

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU...

CVSS 7.5 | AI score 6.7 | EPSS 0.03283
Exploits: 0 | References: 5

CNVD
added 2017/02/24 12:0 a.m., 12 views

Haraka Remote Command Execution Vulnerability

Haraka is an open source SMTP server written in Node.js with a modular plug-in structure. It is well suited to high-traffic sites, serving thousands of services per second and sending thousands of messages. Haraka suffers from a remote command execution vulnerability. An attacker...

CVSS 9.8 | AI score 7.7 | EPSS 0.13377
Exploits: 4 | References: 1

OSV
added 2017/01/23 9:59 p.m., 1 views

DEBIAN-CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

CVSS 7.5 | AI score 6.7 | EPSS 0.06435
Exploits: 0 | References: 1

OSV
added 2017/01/23 9:59 p.m., 0 views

UBUNTU-CVE-2014-9772

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters...

CVSS 6.1 | AI score 6.7 | EPSS 0.02623
Exploits: 1 | References: 5

OSV
added 2017/01/23 9:59 p.m., 2 views

UBUNTU-CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...

CVSS 9.8 | AI score 7.2 | EPSS 0.03559
Exploits: 1 | References: 4

OSV
added 2017/01/23 9:59 p.m., 4 views

UBUNTU-CVE-2016-4055

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."...

CVSS 6.5 | AI score 6.7 | EPSS 0.09905
Exploits: 1 | References: 3

OSV
added 2016/10/10 4:59 p.m., 1 views

DEBIAN-CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

CVSS 5.9 | AI score 7 | EPSS 0.02852
Exploits: 0 | References: 1

CNVD
added 2016/04/24 12:0 a.m., 4 views

Joyent Node.js moment denial of service vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A denial of service vulnerability exists in Joyent Node.js moment due to a failure of the moment.duration function to check input, allowing remote attackers to submit special regular expressions for denial...

CVSS 7.8 | AI score 8.5 | EPSS 0.09905
Exploits: 1 | References: 1

CNVD
added 2016/04/24 12:0 a.m., 3 views

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02548)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

CVSS 6.1 | AI score 7.8 | EPSS 0.02031
Exploits: 0 | References: 1

CNVD
added 2016/04/24 12:0 a.m., 3 views

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02546)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

CVSS 6.1 | AI score 7.8 | EPSS 0.01842
Exploits: 0 | References: 1

OSV
added 2016/04/07 9:59 p.m., 2 views

DEBIAN-CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

CVSS 7.5 | AI score 9.2 | EPSS 0.07013
Exploits: 0 | References: 1

OSV
added 2016/01/02 9:59 p.m., 2 views

DEBIAN-CVE-2015-8027

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request...

CVSS 7.5 | AI score 7.3 | EPSS 0.05356
Exploits: 0 | References: 1

OSV
added 2016/01/02 9:59 p.m., 0 views

UBUNTU-CVE-2015-8027

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request...

CVSS 7.5 | AI score 7.2 | EPSS 0.05356
Exploits: 0 | References: 3

OSV
added 2015/01/21 3:28 p.m., 1 views

DEBIAN-CVE-2015-1164

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATHINFO to the default URI...

CVSS 4.3 | AI score 6.9 | EPSS 0.02616
Exploits: 0 | References: 1

OSV
added 2015/01/21 3:28 p.m., 2 views

UBUNTU-CVE-2015-1164

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATHINFO to the default URI...

CVSS 4.3 | AI score 6.5 | EPSS 0.02616
Exploits: 0 | References: 4