8 matches found
CVE-2026-59892
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...
CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header
webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...
@isaacs/brace-expansion has Uncontrolled Resource Consumption
Summary @isaacs/brace-expansion is vulnerable to a Denial of Service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...
EUVD-2020-1096
Malware in sbrugna...
GHSA-PWFR-8PQ7-X9QV Unauthenticated Denial of Service in the octokit/webhooks library
Impact Versions v9.26.0, v10.9.x, v11.1.x, v12.0.x all contained the code that would throw the error. Specifically, during a pentest we encountered a bug in the octokit/webhooks library a dependency of Probot, a framework for building Github Apps. The resulting request was found to cause an...
Denial of Service
Overview Affected versions of node-sass are vulnerable to Denial of Service DoS. Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::getimporterentry and CustomImporterBridge::postprocessreturnvalue that crash the Node process. This may allow...
GHSA-VPQ5-4RC8-C222 Denial of Service in canvas
Versions of canvas prior to 1.6.10 are vulnerable to Denial of Service. Processing malicious JPEGs or GIFs could crash the node process. Recommendation Upgrade to version 1.6.10...
Design/Logic Flaw
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...