4420 matches found
CVE-2022-32214 affecting package nodejs for versions less than 16.16.0-1
CVE-2022-32214 affecting package nodejs for versions less than 16.16.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32213 affecting package nodejs for versions less than 16.20.2-4
CVE-2022-32213 affecting package nodejs for versions less than 16.20.2-4. An upgraded version of the package is available that resolves this issue...
@abramltd/jwt-oauth2-middleware (=0.1.0), @aerocorp/cli (=7.0.5) +173 more potentially affected by CVE-2020-26938 via oauth2-server (>=2.2.2 <=3.1.1)
oauth2-server NPM version =2.2.2, =1.0.0, =0.0.1, =2.1.0, =3.0.0, =0.4.1, =0.1.0, =3.0.0, =3.0.0, =3.5.8 and more Source cves: CVE-2020-26938 Source advisory: OSV:GHSA-4RG6-FM25-GC34...
Mageia: Security Advisory (MGASA-2022-0294)
The remote host is missing an update for the affected package. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MGASA-2022-0294 Updated nodejs packages fix security vulnerability
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...
Malicious code in babelpluginmodulexresjzlver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b6fa027913105f15b5180aa2048fa3afa2a352f60500efb766c709ff16d9362 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Impact = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await...
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Impact: undici is vulnerable to SSRF (Server-side Request Forgery) when an application takes user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1: js const undici = require("undici"); undici.request({ origin: "http://example.com",...
CVE-2022-35948 CRLF Injection in Nodejs ‘undici’ via Content-Type
undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...
DEBIAN-CVE-2022-35949
undici is an HTTP/1.1 client, written from scratch for Node.js. undici is vulnerable to SSRF (Server-side Request Forgery) when an application takes user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1: js const undici =...
CVE-2022-32212 affecting package nodejs 14.18.3-1
CVE-2022-32212 affecting package nodejs 14.18.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32213 affecting package nodejs 14.18.3-1
CVE-2022-32213 affecting package nodejs 14.18.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32215 affecting package nodejs 14.18.3-1
CVE-2022-32215 affecting package nodejs 14.18.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32214 affecting package nodejs 14.18.3-1
CVE-2022-32214 affecting package nodejs 14.18.3-1. An upgraded version of the package is available that resolves this issue...
Malicious code in quest-bee-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 554817dcee33cd9d1832a7cf89456ca2d38f2c4f6e0c454f135842c0d2473aaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5563 Malicious code in quest-bee-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 554817dcee33cd9d1832a7cf89456ca2d38f2c4f6e0c454f135842c0d2473aaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
NodeJS System Information Library Command Injection (CVE-2021-21315)
Binary data nodejscve-2021-21315.nbin...
Internet Bug Bounty: CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type
The undici library should protect HTTP headers from CRLF injection vulnerabilities. However, CRLF injection exists in the ‘content-type’ header of the undici.request API. Impact = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more...
Malicious Package
Overview performance-quality-models-nodejs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...
CVE-2022-37434
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...