277 matches found
CVE-2015-9235
CVE-2015-9235 affects the jsonwebtoken Node.js module (pre-4.2.2). The vulnerability allows bypass of token verification when a token signed with RS/ES (asymmetric) is presented but validated with a symmetric HS* algorithm due to weak validation of the JWT algorithm type. This leads to potential ...
CVE-2015-9243
CVE-2015-9243 affects the hapi Node.js framework prior to version 11.1.4, where merging server/connection/route-level CORS configurations could cause security restrictions (e.g., origin) to be overridden by less restrictive defaults (origin → *). This confluence creates weaker CORS controls than ...
CVE-2015-9244
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with mysql.escape which could lead to SQL Injection...
PT-2018-16166 · Node · Html-Pages
Name of the Vulnerable Software and Affected Versions: html-pages versions prior to 2.1.0. Description: The issue allows an attacker to read any file from the server, potentially using tools like cURL. This is due to a path traversal vulnerability in the html-pages node module. Recommendations:...
CVE-2018-3750
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Code injection
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
DEBIAN-CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
CVE-2018-3728
CVE-2018-3728 affects the hoek npm package. It is vulnerable to prototype pollution via the merge and applyToDefaults utilities, allowing an attacker to modify Object.prototype through __proto__ and corrupt properties on all objects. Affected versions are hoek before 4.2.0 and 5.0.x before 5.0.3. Rem...
Downloads Resources over HTTP
Overview: Affected versions of atom-node-module-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...
Electron Elevation of Privilege Vulnerability
Electron is a set of cross-platform desktop application development tools based on Web technology. A security vulnerability exists in Electron versions prior to 0.33.5, which can be exploited by an attacker to execute arbitrary programs with elevated privileges via a malicious Node module...
[SECURITY] Fedora 18 Update: nodejs-init-package-json-0.0.10-1.fc18
A node module to get your node module started, by creating its package.json metadata file...
CVE-2012-4474
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2012-4473
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node type page" permission to access unpublished nodes via a direct request...
CVE-2012-4474
CVE-2012-4474: The Drupal contributed module Colorbox Node (7.x-2.x) is vulnerable to cross-site scripting (XSS) in versions prior to 7.x-2.2. The issue arises because the module did not adequately validate certain URL parameters before printing them to the browser, allowing an attacker to injec...
CVE-2012-2730
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions...