7914 matches found
CVE-2019-16772
The CVE-2019-16772 entry concerns the npm package serialize-to-js, with versions before 3.0.1 vulnerable to XSS due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward slashes, but non-Node.js environmen...
CVE-2019-16772 regular expressions Cross-Site Scripting (XSS) vulnerability in serialize-to-js
The serialize-to-js npm package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability does not affect the Node.js environment since Node.js's implementation of...
GHSA-3FJQ-93XJ-3F3F Cross-Site Scripting in serialize-to-js
Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation: Upgrade to version 3.0.1 or later...
[SECURITY] Fedora 31 Update: nodejs-12.13.1-1.fc31
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Cross-Site Scripting (XSS)
serialize-javascript is vulnerable to cross-site scripting (XSS). Unsafe characters are not properly validated and sanitized in serialized regular expressions, allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser. This vulnerability does not affect Node.js...
Fedora 31 : 1:libuv / 1:nodejs (2019-7443ebda4b)
Update to Node.js upstream release 12.13.1 https://nodejs.org/en/blog/release/v12.13.1/ Also fixes an issue where running npm -g was risky on RPM-installed systems. Fedora's packaged NPM will now install global content in /usr/local instead of /usr where it could conflict with RPM-provided...
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability does not affect the Node.js environment since Node.js's implementation of...
CVE-2019-16769
The CVE-2019-16769 issue affects the npm package serialize-javascript prior to version 2.1.1, which is vulnerable to Cross-site Scripting (XSS) due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward sla...
Cross-Site Scripting in serialize-javascript
Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation: Upgrade to version 2.1.1 or later...
Juniper Junos Space < 19.2R1 Multiple Vulnerabilities (JSA10951)
According to its self-reported version number, the remote Junos Space version is prior to 19.2R1. It is, therefore, affected by multiple vulnerabilities: - A memory double free vulnerability exists in the libcurl API function called curl_maprintf() before version 7.51.0 due to an unsafe size_t...
Node.js third-party modules: [Total.js] Path traversal vulnerability allows to read files outside public directory
I would like to report path traversal in Total.js. It allows reading arbitrary files outside the public directory. Module module name: Total.js version: 3.3.2 npm page: https://www.npmjs.com/package/total.js Module Description Total.js framework is a framework for the Node.js platform written in pure...
Node.js third-party modules: [express-laravel-passport] Improper Authentication
I would like to report Improper Authentication in express-laravel-passport. It allows forging a user's identity. Module module name: express-laravel-passport version: 1.1.2 npm page: https://www.npmjs.com/package/express-laravel-passport Module Description You want a middleware support express get...
Node.js 'lodahs' Package CVE-2019-19771 Unspecified Security Vulnerability
Description: The 'lodahs' package for Node.js is prone to an unspecified security vulnerability. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Node.js lodahs version 1.0.0 is vulnerable. Technologies Affected: Node...
Security Bulletin: Security Vulnerabilities affect Cloud Foundry for IBM Cloud Private - Node.js
Summary Security vulnerabilities affect Cloud Foundry for IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send...
Node.js: HTTP request smuggling using malformed Transfer-Encoding header
Please see the attached PDF for a writeup of this vulnerability. Impact Please see the attached PDF for a writeup of this vulnerability...
EulerOS 2.0 SP5 : http-parser (EulerOS-SA-2019-2158)
According to the versions of the http-parser package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This is a parser for HTTP messages written in C. It parses both requests and responses. The parser is designed to be used in performance HTT...
EulerOS 2.0 SP3 : http-parser (EulerOS-SA-2019-2238)
According to the versions of the http-parser package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 t...