159 matches found
The vulnerability of the fs.statfs function in the Node.js software platform allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the fs.statfs function in the Node.js software platform is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-766)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-766 advisory. node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders c...
nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service
A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
AZL-34462 CVE-2024-25629 affecting package nodejs18 for versions less than 18.20.2-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-35048 CVE-2024-25629 affecting package nodejs for versions less than 20.14.0-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
PT-2024-2631 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted...
Important: nodejs
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nodejs Issue Correction: Run dnf update nodejs...
nodejs: Permissions policies can be bypassed via Module._load
A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...
nodejs: Permissions policies can be bypassed via Module._load
A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...
nodejs: mainModule.proto bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...
nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()
A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...
nodejs: Permissions policies can be bypassed via Module._load
A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...
The vulnerability of the `process.mainModule.proto.require()` function in the Node.js software platform allows a attacker to compromise the integrity of the protected information.
The vulnerability of the process.mainModule.proto.require function in the Node.js software platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information...
Jenkins Plugin NodeJS 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
DEBIAN-CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
Important: nodejs
Issue Overview: Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range. CVE-2022-25883 Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2...
nodejs: mainModule.proto bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...
nodejs: process interuption due to invalid Public Key information in x509 certificates
A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...