70 matches found
DEBIAN-CVE-2022-21824
Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has...
CVE-2022-21824
Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has...
ALPINE-CVE-2021-22930
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior...
PT-2021-6095 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 12.22.9; Node.js versions prior to 14.18.3; Node.js versions prior to 16.13.2; Node.js versions prior to 17.3.1. Description: The issue is related to the formatting logic of the console.table function, which allows...
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection) and carefully timed completion of the headers it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
PT-2021-3596 · Node.Js +9
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.4.1; Node.js versions prior to 14.17.2; Node.js versions prior to 12.22.2. Description: The issue is related to an out-of-bounds read in the uv__idna_toascii function of the Node.js platform, which can be triggered vi...
ALPINE-CVE-2021-22884
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DN...
ALPINE-CVE-2020-8287
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
DEBIAN-CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions before 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
UBUNTU-CVE-2020-8174
napi_get_value_string_*() allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0...
CVE-2020-8174
napi_get_value_string_*() allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0...
UBUNTU-CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
Design/Logic Flaw
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
CVE-2020-12002
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution...
ALPINE-CVE-2019-15604
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate...
UBUNTU-CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
UBUNTU-CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
PT-2022-1547 · Node.Js +7
Name of the Vulnerable Software and Affected Versions: Node.js versions 12.22.9; Node.js versions 14.18.3; Node.js versions 16.13.2; Node.js versions 17.3.1. Description: The issue is related to the conversion of SANs (Subject Alternative Names) to a string format in Node.js, which is used to check pee...
nodejs: Denial of Service with large HTTP headers
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP...