
330 matches found

OSV
added 2018/05/31 8:29 p.m. | Views: 1

CVE-2016-10571

bkjs-wand is ImageMagick wand support for Node.js and backendjs. bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controll...

8.1 CVSS | 6.3 AI score | 0.01682 EPSS
Exploits: 0 | References: 1

OSV
added 2018/05/17 2:29 p.m. | Views: 0

UBUNTU-CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3 CVSS | 6.7 AI score | 0.03621 EPSS
Exploits: 0 | References: 2

CNVD
added 2017/10/31 12:00 a.m. | Views: 2

Node.js Denial of Service Vulnerability (CNVD-2017-36052)

Joyent Node.js is a platform from the US company Joyent for building web applications, built on top of the Google V8 JavaScript engine. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...

7.5 CVSS | 6.7 AI score | 0.08144 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2017/10/18 7:51 a.m. | Views: 3

nodejs: Constant Hashtable Seeds vulnerability

It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a deni...

7.5 CVSS | 7.1 AI score | 0.05478 EPSS
Exploits: 1 | References: 5

OSV
added 2017/07/13 9:10 a.m. | Views: 5

MGASA-2017-0204 Updated nodejs packages fix security vulnerability

Node.js has a defect that may make HTTP response splitting possible under certain circumstances. If user input is passed to the reason argument to writeHead on an HTTP response, a new-line character may be used to inject additional responses (CVE-2016-5325). The tls.checkServerIdentity function in...

6.1 CVSS | 6.6 AI score | 0.04108 EPSS
Exploits: 0 | References: 6

CNVD
added 2017/05/19 12:00 a.m. | Views: 3

Red Hat Keycloak Node.js adapter authentication bypass vulnerability

Red Hat Keycloak Node.js adapter is Red Hat's open source set of Node.js adapters for authentication and access management software in modern applications and services. A security vulnerability exists in Red Hat Keycloak Node.js adapter versions 2.5 through 3.0, which stems from the program failing ...

9.8 CVSS | 7.2 AI score | 0.02542 EPSS
Exploits: 0 | References: 1

OSV
added 2017/01/23 9:59 p.m. | Views: 2

DEBIAN-CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."...

7.5 CVSS | 6.7 AI score | 0.02358 EPSS
Exploits: 1 | References: 1

CNVD
added 2016/10/16 12:00 a.m. | Views: 2

IBM SDK for Node.js Denial of Service Vulnerability

IBM SDK for Node.js is a product from the US company IBM, based on the Node.js open source project, that provides a standalone JavaScript runtime environment and server-side JavaScript solutions for IBM platforms. A local denial of service vulnerability exists in IBM SDK for Node.js. An attacker could explo...

8.1 CVSS | 8.9 AI score | 0.02468 EPSS
Exploits: 0 | References: 1

OSV
added 2016/04/07 9:59 p.m. | Views: 1

DEBIAN-CVE-2016-2086

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

7.5 CVSS | 8.2 AI score | 0.06257 EPSS
Exploits: 0 | References: 1

CNVD
added 2016/01/12 12:00 a.m. | Views: 1

TrendMicro node.js http server arbitrary command execution vulnerability

Trend Micro is a global leader in network security software and services, leading the trend from desktop antivirus to network server and gateway antivirus with excellent foresight and technological innovation capabilities, and proving Trend Micro's foresight and leadership to the industry with it...

7.6 AI score
Exploits: 0 | References: 1