DEBIAN-CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

AZL-13776 CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

UBUNTU-CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

UBUNTU-CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

K75532331: iRulesLX debug NodeJS vulnerability CVE-2019-6644

Security Advisory Description Similar to the issue identified in CVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. CVE-2019-6644 Impac...

K15311661: NodeJS vulnerability CVE-2016-2086

Security Advisory Description Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 Impact An attacker may be able to perform HTTP reques...

K64462543: NodeJS vulnerability CVE-2015-2927

Security Advisory Description node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service bandwidth consumption. CVE-2015-2927 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluate...

K63025104: NodeJS vulnerability CVE-2018-7160

Security Advisory Description The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network acces...

K99038439: NodeJS vulnerability CVE-2012-2330

Security Advisory Description The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information request header contents and possibly spoof HTTP headers via a zero...

K46337613: NodeJS vulnerability CVE-2015-8315

Security Advisory Description The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS. CVE-2015-8315 Impact There is no impact; F5 products are not affected by this...

K05052081: NodeJS vulnerability CVE-2015-8854

Security Advisory Description The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service CPU consumption via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service ReDoS." CVE-2015-885...

K35655050: NodeJS vulnerability CVE-2016-1669

Security Advisory Description The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possib...

K37111863: NodeJS vulnerability CVE-2018-12120

Security Advisory Description Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the...

K17011311: NodeJS vulnerability CVE-2022-35256

Security Advisory Description The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. CVE-2022-35256 Impact There is no impact; F5 products are not affected by this vulnerability...

CRLF Injection in Nodejs ‘undici’ via host

...

SUSE CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

MGASA-2023-0053 Updated nodejs-qs packages fix security vulnerability

nodejs qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query...

Updated nodejs-qs packages fix security vulnerability

nodejs qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query...

Internet Bug Bounty: CRLF Injection in Nodejs ‘undici’ via host

A vulnerability was discovered in the fetch API of Node.js versions 16.x, 18.x, and 19.x that allowed for CRLF injection in the 'host' header, potentially leading to attacks such as HTTP response splitting and HTTP header injection. The vulnerability was fixed in security releases...

Improper Access Control

nodejs is vulnerable to Improper Access Control. A remote attacker is able to bypass permissions and access non authorized modules by using process.mainModule.require function...