Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.8 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS7AI score0.00674EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS0.00674EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/04/21 10:11 p.m.7 views

Node.js: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat

Vulnerability description not provided...

7.7CVSS5.8AI score0.00674EPSS
Exploits0
Rows per page
Query Builder