
7911 matches found

VulnCheck KEV
added 2025/01/14 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2024-55591

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

9.8 CVSS · 7.3 AI score · 0.94124 EPSS
Exploits: 9 · References: 1

CNNVD
added 2025/01/14 12:0 a.m. · 4 views

Fortinet FortiOS and FortiProxy Security Vulnerability

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

9.8 CVSS · 9.7 AI score · 0.94124 EPSS
Exploits: 9 · References: 2

CISA KEV Catalog
added 2025/01/14 12:0 a.m. · 19 views

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

9.8 CVSS · 9.9 AI score · 0.94124 EPSS
In wild · Exploits: 9

ATTACKERKB
added 2025/01/14 12:0 a.m. · 95 views

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288) affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

9.8 CVSS · 10 AI score · 0.94124 EPSS
In wild · Exploits: 9 · References: 2

CNNVD
added 2025/01/09 12:0 a.m. · 1 views

Node.js Security Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. A security vulnerability exists in Node.js that stems from mishandling of batch files, which allows malicious command line arguments to inject arbitrary commands and enable code execution even if she...

8.1 CVSS · 8.6 AI score · 0.00369 EPSS
Exploits: 0 · References: 5

IBM Security Bulletins
added 2025/01/07 8:55 p.m. · 17 views

Security Bulletin: A vulnerability in the follow-redirect module affects IBM Db2 Big SQL on Cloud Pak for Data

Summary: A vulnerability in the node.js follow-redirect module affects IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8. Vulnerability Details: CVEID: CVE-2024-28849. DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

6.5 CVSS · 6.6 AI score · 0.01077 EPSS
Exploits: 1 · Affected Software: 1

IBM Security Bulletins
added 2025/01/06 2:23 p.m. · 13 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary: Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to...

8.7 CVSS · 6.8 AI score · 0.00067 EPSS
Exploits: 0 · Affected Software: 1

Node JS Blog
added 2025/01/06 12:0 a.m. · 9 views

Upcoming CVE for End-of-Life Node.js Versions

The Node.js Project is committed to ensuring the security and reliability of applications built on Node.js. As part of this commitment, we regularly review measures to help our users stay informed about security risks. Announcement: We will soon issue ...

5.7 AI score
Exploits: 0

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-21253

Name of the Vulnerable Software and Affected Versions: Node.js versions 20.x through 24.x Description: Node.js is susceptible to a remote crash issue due to a flaw in the SignTraits::DeriveBits function. This flaw can be triggered by malformed crypto input in background threads, leading to a...

7.8 CVSS · 7.1 AI score · 0.0056 EPSS
Exploits: 1 · References: 111

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-21252 · Node.Js +4 · Node.Js +4

Name of the Vulnerable Software and Affected Versions: nodejs (affected versions not specified) Description: The issue is related to a corrupted pointer in the node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) function when args[0] is a string. This is a problem in the nodejs package,...

7.5 CVSS · 6.1 AI score · 0.0056 EPSS
Exploits: 1 · References: 50

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-21254 · Node.Js +5 · Llhttp +6

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the llhttp v9 upgrade node-undici in Debian Linux affected versions not specified Description: A flaw in the HTTP parser of Node.js allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n...

7.5 CVSS · 6.3 AI score · 0.0056 EPSS
Exploits: 1 · References: 31

Cvelist
added 2024/12/20 8:10 p.m. · 16 views

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8 CVSS · 0.04955 EPSS
Exploits: 0 · References: 2

IBM Security Bulletins
added 2024/12/17 8:48 p.m. · 16 views

Security Bulletin: Vulnerabilities in Node.js Elliptic module may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary: Potential information disclosure vulnerabilities have been identified related to the Node.js Elliptic module that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details...

9.1 CVSS · 6.4 AI score · 0.02898 EPSS
Exploits: 2 · Affected Software: 1

OSV
added 2024/12/16 2:7 p.m. · 11 views

BIT-NODE-MIN-2020-8174

napi_get_value_string_*() allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0...

9.3 CVSS · 8.2 AI score · 0.01491 EPSS
Exploits: 1 · References: 8

OSV
added 2024/12/16 2:7 p.m. · 15 views

BIT-NODE-MIN-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

7.4 CVSS · 7.2 AI score · 0.00632 EPSS
Exploits: 0 · References: 7

OSV
added 2024/12/16 2:6 p.m. · 10 views

BIT-NODE-MIN-2020-8251

Node.js 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections...

7.5 CVSS · 7.1 AI score · 0.04991 EPSS
Exploits: 0 · References: 6

OSV
added 2024/12/16 2:6 p.m. · 14 views

BIT-NODE-MIN-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 7.9 AI score · 0.00181 EPSS
Exploits: 0 · References: 9

OSV
added 2024/12/16 2:6 p.m. · 11 views

BIT-NODE-MIN-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

8.1 CVSS · 7.8 AI score · 0.00755 EPSS
Exploits: 1 · References: 10

OSV
added 2024/12/16 2:6 p.m. · 12 views

BIT-NODE-MIN-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

7.5 CVSS · 7.4 AI score · 0.58883 EPSS
Exploits: 0 · References: 14

OSV
added 2024/12/16 2:6 p.m. · 16 views

BIT-NODE-MIN-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5 CVSS · 7.2 AI score · 0.11865 EPSS
Exploits: 2 · References: 11