Lucene search
K

5 matches found

OSV
OSV
added 2019/06/20 6:22 p.m.2 views

GHSA-MF6X-7MM4-X2G7 Out-of-bounds Read in stringstream

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module i...

6.5CVSS6.9AI score0.03638EPSS
Exploits1References3
OSV
OSV
added 2019/06/12 4:37 p.m.1 views

GHSA-57CF-349J-352G Out-of-bounds Read in npmconf

Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should not be used...

5.8AI score
Exploits0References2
OSV
OSV
added 2018/05/29 8:29 p.m.2 views

CVE-2018-3745

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below...

9.1CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2018/05/17 2:29 p.m.5 views

ALPINE-CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

7.5CVSS8.8AI score0.03381EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2016/07/15 12:0 a.m.6 views

PT-2018-17919 · Node.Js +2 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: Node.js versions 4.x Description: The issue concerns a potential regular expression denial of service ReDoS vector in the 'path' module. This module is used for various path parsing functions, including path.dirname, path.extname, and...

9.8CVSS7.7AI score0.95707EPSS
Exploits50References525
Rows per page
Query Builder