
7925 matches found

Veracode
added 2024/07/09 5:51 a.m., 11 views

Memory Disclosure

Undici is vulnerable to Memory Leakage. The vulnerability is due to the response.arrayBuffer method, which potentially allows an attacker to expose sensitive portions of memory from the Node.js process depending on the network and process conditions...

CVSS 2, AI score 6.9, EPSS 0.00355
Exploits 0, References 6, Affected Software 1
RedhatCVE
added 2024/07/09 5:9 a.m., 24 views

CVE-2024-22020

A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

CVSS 6.5, AI score 6.8, EPSS 0.00133
Exploits 0, References 4
Hacker One
added 2024/07/09 2:34 a.m., 5 views

Internet Bug Bounty: fs.fchown/fchmod bypasses permission model

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The vulnerability allows operations such as fs.fchown or fs.fchmod to bypass the permission model by using a "read-only" file descriptor to change the owner...

CVSS 3.3, AI score 3.7, EPSS 0.00126
Exploits 0
NVD
added 2024/07/09 2:15 a.m., 31 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, EPSS 0.00133
Exploits 0, References 4
Chainguard
added 2024/07/09 2:15 a.m., 5 views

CVE-2024-22020 vulnerabilities

Vulnerabilities for packages: kibana, nodejs...

CVSS 6.5, AI score 6.7, EPSS 0.00133
Exploits 0
OSV
added 2024/07/09 2:15 a.m., 17 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

AI score 7.2
Exploits 0, References 4
OSV
added 2024/07/09 2:15 a.m., 1 view

ALPINE-CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.3, EPSS 0.00133
Exploits 0, References 1
OSV
added 2024/07/09 2:15 a.m., 0 views

DEBIAN-CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.2, EPSS 0.00133
Exploits 0, References 1
UbuntuCve
added 2024/07/09 2:15 a.m., 39 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 6.8, EPSS 0.00133
Exploits 0, References 7
OSV
added 2024/07/09 2:15 a.m., 0 views

UBUNTU-CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.1, EPSS 0.00133
Exploits 0, References 8
Debian CVE
added 2024/07/09 1:7 a.m., 38 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.2, EPSS 0.00133
Exploits 0
CVE
added 2024/07/09 1:7 a.m., 322 views

CVE-2024-22020

CVE-2024-22020 (Node.js) is a real vulnerability affecting Node.js where an attacker can bypass network import restrictions by embedding non-network imports in data URLs, enabling arbitrary code execution. The issue is documented across multiple advisories (e.g., Debian DSA, CBLMariner, AlmaLinux...

CVSS 6.5, AI score 6.7, EPSS 0.00133
Exploits 0, References 4
AlpineLinux
added 2024/07/09 1:7 a.m., 22 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.3, EPSS 0.00133
Exploits 0
Cvelist
added 2024/07/09 1:7 a.m., 33 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, EPSS 0.00133
Exploits 0, References 3
Vulnrichment
added 2024/07/09 1:7 a.m., 36 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.2, EPSS 0.00133
Exploits 0, References 3
BDU FSTEC
added 2024/07/09 12:0 a.m., 1 view

The vulnerability of the Node.js software platform, related to errors in processing input data, allows a hacker to execute arbitrary commands.

The vulnerability of the Node.js software platform is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10, AI score 7.8, EPSS 0.00261
Exploits 0, References 7, Affected Software 2
CNNVD
added 2024/07/09 12:0 a.m., 1 view

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from allowing bypassing network import restrictions, which can be exploited by an attacker to execute arbitrary code...

CVSS 6.5, AI score 7.3, EPSS 0.00133
Exploits 0, References 6
OpenVAS
added 2024/07/09 12:0 a.m., 21 views

Node.js 20.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

CVSS 3.6, AI score 6.1, EPSS 0.00217
Exploits 0, References 1
OpenVAS
added 2024/07/09 12:0 a.m., 21 views

Node.js 20.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

CVSS 3.6, AI score 7.3, EPSS 0.00217
Exploits 0, References 1
NVD
added 2024/07/08 9:15 p.m., 15 views

CVE-2024-38372

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include portion of memory from the Node.js process. This has been patched in v6.19.2...

CVSS 2, EPSS 0.00355
Exploits 0, References 6