153 matches found

CNNVD
added 2021/02/23 12:0 a.m., 6 views

Nodejs Security Vulnerabilities

Node.js is a JavaScript runtime environment built on the Chrome V8 engine; its event-driven, non-blocking I/O model makes it possible to develop high-performance JavaScript back-end applications. A security vulnerability exists in Nodejs,...

CVSS 7.8 | AI score 7 | EPSS 0.77385
Exploits: 1 | References: 43

RedHat Linux
added 2021/02/16 2:25 p.m., 2 views

nodejs: HTTP request smuggling via two copies of a header field in an http request

A flaw was found in nodejs. Affected versions of Node.js allow two copies of a header field in an HTTP request. The first header field is recognized while the second is ignored leading to HTTP request smuggling. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.5 | AI score 7.3 | EPSS 0.16296
Exploits: 2 | References: 4

RedHat Linux
added 2021/02/15 6:28 p.m., 2 views

nodejs: use-after-free in the TLS implementation

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...

CVSS 8.1 | AI score 7.2 | EPSS 0.09009
Exploits: 1 | References: 5

RedHat Linux
added 2020/11/04 12:35 p.m., 2 views

nodejs: HTTP request smuggling due to CR-to-Hyphen conversion

A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...

CVSS 7.4 | AI score 7.2 | EPSS 0.05093
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/07 5:48 p.m., 7 views

nodejs: TLS session reuse can lead to hostname verification bypass

A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...

CVSS 7.4 | AI score 7.4 | EPSS 0.06065
Exploits: 1 | References: 4

RedHat Linux
added 2020/02/25 1:42 p.m., 3 views

nodejs: HTTP header values do not have trailing optional whitespace trimmed

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

CVSS 9.8 | AI score 7.1 | EPSS 0.20041
Exploits: 1 | References: 5

RedHat Linux
added 2019/10/01 10:3 a.m., 3 views

nodejs: Hostname spoofing in URL parser for javascript protocol

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

CVSS 4.3 | AI score 7.1 | EPSS 0.0405
Exploits: 0 | References: 4

RedHat Linux
added 2018/08/22 9:15 p.m., 4 views

nodejs: Out of bounds (OOB) write via UCS-2 encoding

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0, when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

CVSS 7.5 | AI score 7.3 | EPSS 0.08028
Exploits: 0 | References: 4

OSV
added 2018/06/13 4:29 p.m., 1 views

DEBIAN-CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by...

CVSS 7.5 | AI score 6.7 | EPSS 0.06411
Exploits: 0 | References: 1

OSV
added 2017/12/11 9:29 p.m., 2 views

UBUNTU-CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

CVSS 9.1 | AI score 6.9 | EPSS 0.02385
Exploits: 0 | References: 3

Cvelist
added 2017/11/17 3:0 a.m., 24 views

CVE-2017-1000189

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...

AI score 7.4 | EPSS 0.02267
Exploits: 0 | References: 2

Elastic
added 2017/07/25 4:20 p.m., 3 views

Elastic Stack 5.5.1 and Kibana 4.6.5 security update

Kibana Node.js security flaw (ESA-2017-14): The version of Node.js shipped in all versions of Kibana prior to 5.5.1 contains a Denial of Service flaw in its HashTable random seed. This flaw could allow a remote attacker to consume resources within Node.js preventing Kibana from servicing requests...

CVSS 7.5 | AI score 7.8 | EPSS 0.05478
Exploits: 1

CNVD
added 2016/11/10 12:0 a.m., 8 views

Red Hat OpenShift Container Platform nodejs Denial of Service Vulnerability

Red Hat OpenShift Container Platform is a Red Hat application platform that enables organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. nodejs is a web application platform built on top of Google's V8...

CVSS 5.3 | AI score 7.7 | EPSS 0.02356
Exploits: 0 | References: 1