PT-2018-17926 · Node.js +3
Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x through 9.x. Description: The issue arises when calling Buffer.fill or Buffer.alloc with certain parameters, leading to a hang and potentially resulting in a Denial of Service. The implementations of Buffer.alloc and...
June 2018 Security Releases
June 2018 Security Releases. Update 12-June-2018: Security releases available. Summary: Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement below. We recommend that all users upgrade as soon as possible...
CVE-2017-16184
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is...
Directory traversal
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16072
CVE-2017-16072 concerns the nodemailer.js package, which is identified as malware that steals environment variables. The npm package was published with malicious intent and has since been unpublished from the npm registry. Connected advisories and records describe the malware behavior and recomme...
CVE-2017-16184
Summary (CVE-2017-16184): The issue affects the Node.js/Express-based sample app scott-blanch-weather-app, where a directory traversal vulnerability exists in path handling that allows access to the filesystem by using sequences like '../../..'. The root cause is improper handling of user-suppli...
CVE-2018-3717
The CVE-2018-3717 entry concerns the connect Node.js middleware, where a Cross-Site Scripting (XSS) vulnerability exists due to lack of validation of files in the directory.js middleware. Affected versions are prior to 2.14.0. The underlying issue is inadequate input validation in directory.js, e...
CVE-2017-16083
node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
jadedown denial of service vulnerability
jadedown is a package used in Node.js. A security vulnerability exists in jadedown. An attacker can exploit this vulnerability by passing in certain types of user input to cause a denial of service...
Node.js third-party modules: XSS in express-useragent through HTTP User-Agent
Hello, I would like to report an XSS in the express-useragent module due to a lack of validating the User-Agent header. Please note I already created a GitHub issue and asked for CVE CVE-2018-9863. I did not know about Node.js third-party modules on HackerOne. Description: express-useragent is simple...
Node.js third-party modules: Arbitrary File Write through archive extraction
I would like to report an arbitrary file write vulnerability in the adm-zip module. It allows attackers to write arbitrary files when a malicious archive is extracted. More info here: https://snyk.io/research/zip-slip-vulnerability https://github.com/snyk/zip-slip-vulnerabilityaffected-libraries Module...
CVE-2017-16025
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...
CVE-2017-16019
GitBook is a command line tool and Node.js library for building beautiful books using GitHub/Git and Markdown or AsciiDoc. Stored Cross-Site Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader...
CVE-2017-16007
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...
CVE-2017-16019
GitBook (CLI and Node.js library) before version 3.2.2 is vulnerable to Stored XSS when code outside of backticks is included in any ebook, causing code to execute in the online reader. Affected versions: prior to 3.2.2. The issue is mitigated by upgrading to 3.2.2 or later.