Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2022/09/13 12:0 a.m.675 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3251-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request...

9.8CVSS6.8AI score0.03465EPSS
Exploits3References14
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.26 views

openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:3250-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.6AI score0.03465EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2022:3251-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.03465EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2022:3250-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.03465EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/09/09 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2022:3196-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.03465EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/09/09 12:0 a.m.41 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3196-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. -...

9.8CVSS6.8AI score0.03465EPSS
Exploits3References14
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/18 2:30 p.m.36 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-35948 and CVE-2022-35949

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...

9.8CVSS7.1AI score0.01388EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/08/15 11:21 a.m.15 views

CVE-2022-35948

undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

5.3CVSS0.01203EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/08/13 12:0 a.m.7 views

CVE-2022-35948 CRLF Injection in Nodejs ‘undici’ via Content-Type

undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

5.3CVSS5.5AI score0.01203EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/08/13 12:0 a.m.28 views

CVE-2022-35948 CRLF Injection in Nodejs ‘undici’ via Content-Type

undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

5.3CVSS7.3AI score0.01203EPSS
Exploits1References3
Hacker One
Hacker One
added 2022/08/09 3:43 p.m.60 views

Internet Bug Bounty: CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type

undici library should be protects HTTP headers from CRLF injection vulnerabilities. However, CRLF injection exists in the ‘content-type’ header of undici.request api. Impact = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more...

5CVSS6.5AI score0.01203EPSS
Exploits1
Rows per page
Query Builder