AlmaLinux 8 : nodejs:18 (ALSA-2024:6148)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6148 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction via...
Exploit for Prototype Pollution in Clickbar Dot-Diver
CVE-2023-45827 Vulnerability overview - CVE-2023-45827 - CVSS : 9.8 -...
AZL-35049 CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...
AZL-35050 CVE-2024-22195 affecting package nodejs for versions less than 20.14.0-1
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883).
Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver CVE-2023-26136, CVE-2022-25883. The fix includes versions tough-cookie =4.1.3 & semver =7.5.4 and 5.7.2 Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION...
Security Bulletin: Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyaml is vulnerable to a denial of service, caused by missing to nested depth limitatio...
MAL-2022-4898 Malicious code in nodeg5i (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c328246bd6644221a0c65c45f0bd9fb7734948f30a6567ce316d697e4f485289 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2022-23309 · Npm · File-Type
Name of the Vulnerable Software and Affected Versions: file-type versions 13.0.0 through 16.5.4 file-type versions 17.x before 17.1.3 Description: An issue was discovered in the file-type package for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loo...
Broken Authentication in Atlassian Connect Express
Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
Mageia: Security Advisory (MGASA-2021-0092)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with multiple vulnerabilities
Summary The web server in IBM Security Verify Information Queue ISIQ uses an older version of the node-sass package that has multiple vulnerabilities. As of v10.0.0, ISIQ has upgraded to a newer, secure version of node-sass. Vulnerability Details CVEID: CVE-2018-11697 DESCRIPTION: LibSass could...
EUVD-2021-0493
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...
Improper access control
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
Command Injection
Overview im-resize is an efficient image resize with support for multiple thumbnail configurations using ImageMagick's convert command. Affected versions of this package are vulnerable to Command Injection. The cmd argument used within index.js, can be controlled by user without any sanitization...
Security Bulletin: Node.js Package Manager (npm) Bearer Token Vulnerability affects IBM Rational Application Developer for WebSphere Software (CVE-2016-3956)
Summary A vulnerability in the Node Package Manager's use of HTTP bearer tokens affects IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2016-3956 DESCRIPTION: npm could allow a remote attacker to obtain sensitive information, caused by the unintentional leakage of bearer tokens from the...
jadedown denial of service vulnerability
jadedown is a package used in Node.js. A security vulnerability exists in jadedown. An attacker can exploit this vulnerability by passing in certain types of user input to cause a denial of service...
CVE-2015-8854
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service CPU consumption via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service ReDoS."...
CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...
CVE-2015-8859
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...
MGASA-2014-0007 Updated nodejs package fixes security vulnerabilities
A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...