21 matches found
Node.js: HashDoS in V8
Vulnerability description not provided...
PT-2026-28320
Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 25.x Description An incomplete fix allows bypassing of intended write restrictions when using the Permission Model with restricted --allow-fs-write. Specifically, the FileHandle.chmod and FileHandle.chown methods...
EUVD-2025-21940
Malicious code in bioql PyPI...
K000152702: Node.js vulnerability CVE-2025-27209
Security Advisory Description The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can...
BIT-NODE-MIN-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
BIT-NODE-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
CVE-2025-27209
A flaw was found in nodejs. The V8 component’s rapidhash implementation introduces a HashDoS vulnerability, allowing an attacker who can control the strings being hashed to trigger excessive CPU usage by generating numerous hash collisions. This exploitation vector results in an application level...
CVE-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
CVE-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
CVE-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
CVE-2025-27209
CVE-2025-27209 affects Node.js v24.x where the V8 string-hashing implementation (rapidhash) re-introduces a HashDoS risk: an attacker who controls input strings can induce hash collisions, potentially enabling a DoS-style attack without knowledge of the hash seed. The vulnerability is tied to the...
CVE-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
Node.js 24.x < 24.4.1 HashDoS Vulnerability - Windows
Node.js is prone to a HashDoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js 24.x < 24.4.1 HashDoS Vulnerability - Mac OS X
Node.js is prone to a HashDoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
PT-2025-29694 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions 24.0.0 and later Description: The V8 release in Node.js reintroduced a HashDoS vulnerability due to changes in string hash computation using rapidhash. An attacker controlling the strings to be hashed can generate numerous ha...
Node.js: HashDoS in V8
The V8 release used in Node.js v24.0.0 changed how string hashes were computed using rapidhash. This implementation reintroduced the HashDoS vulnerability, where an attacker who could control the strings to be hashed could generate many hash collisions without knowing the hash-seed...
CVE-2024-39702
A flaw was found in the OpenResty package. Affected versions of this package are vulnerable to denial of service DoS through the string hashing function. This flaw allows an attacker to cause excessive resource usage and potentially lead to a denial of service with relatively few incoming request...
CVE-2024-39702
In ljstrhash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS Hash Denial of Service attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...
CVE-2024-39702
OpenResty 1.19.3.1 through 1.25.3.1 contains a HashDoS vulnerability in lj_str_hash.c (string hashing during interning). The issue is limited to the OpenResty fork in openresty/luajit2; LuaJIT/LuaJIT repo is unaffected. Attackers can cause excessive resource usage during proxy operations with cra...
CVE-2024-39702
In ljstrhash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS Hash Denial of Service attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...