nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters
It was found that the Buffer.fill and Buffer.alloc functions may hang. An attacker able to control the input of these functions could use this flaw to cause a denial of service...
nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...
Shopify: H1514 Server Side Template Injection in Return Magic email templates?
Summary: Possible template injection in Return Magic email templates. Description: I've been playing with Return Magic workflow email templates and there seems to be some kind of template injection, but I am not sure if it's exploitable or even valid. Here is why I think it could be vulnerable: I...
Node.js: Pull Request #12949 - Security Implications without CVE assignment
Summary: Pull Request 12949 has security implications but it was not assigned a CVE by the Node team. It is being reported by Qualys as a 6.8 severity issue without a CVE. Description: Here is the commit and pull request - https://github.com/nodejs/node/commit/010f864426...
SUSE-SU-2018:2812-1 Security update for nodejs8
This update for nodejs8 to version 8.11.4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer (bsc#1105019) - Upgrade to OpenSSL 1.0.2p, which fixed: -...
SUSE-SU-2018:2796-1 Security update for nodejs6
This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds (OOB) write in Buffer.write for UCS-2 encoding (bsc#1105019) - CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter (bsc#1097158) Other issu...
Photon OS 2.0: Nodejs PHSA-2018-2.0-0093 (deprecated)
An update of 'nodejs' packages of Photon OS has been released. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0093. The text itself is copyright (C) VMware, Inc...
Important Photon OS Security Update - PHSA-2018-0185
Updates of 'nodejs' packages of Photon OS have been released...
PHSA-2018-2.0-0093
An update of 'nodejs' packages of Photon OS has been released...
Important Photon OS Security Update - PHSA-2018-0093
Updates of 'nodejs' packages of Photon OS have been released...
Security update for nodejs4 (moderate)
This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer (bsc#1105019) - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client...
CVE-2016-1000232
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0...
Design/Logic Flaw
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0...
CVE-2016-1000232
CVE-2016-1000232 affects the Node.js tough-cookie module: vulnerable in version 2.2.2 due to a Regular Expression Parsing DoS in HTTP Cookie header processing when parsing large headers. The issue could be triggered by a sufficiently large Cookie header. It has been fixed in 2.3.0; remediation is...
Fedora Update for nodejs FEDORA-2018-d0505c1f21
The remote host is missing an update for the...
Fedora 27 : 1:nodejs (2018-d0505c1f21)
August security updates for Node.js. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for nodejs FEDORA-2018-cfe558a202
The remote host is missing an update for the...
Unspecified Vulnerability in Joyent Node.js
Joyent Node.js is a web application platform from the US company Joyent, built on top of the Google V8 JavaScript engine. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...