7866 matches found
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
Design/Logic Flaw
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
CVE-2017-18214
CVE-2017-18214 affects the Moment.js Node.js module prior to 2.19.3, enabling a regular-expression denial-of-service (ReDoS) via a crafted date string. The issue is described as a separate vulnerability from CVE-2016-4055, with practical risk being CPU exhaustion leading to potential denial of se...
DEBIAN-CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
Spoofing
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
Node.js third-party modules: `njwt` allocates uninitialized Buffers when number is passed in base64urlEncode input
I would like to report an uninitialized Buffer allocation issue in njwt. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: njwt version: 0.4.0 npm page:...
Node.js third-party modules: `put` allocates uninitialized Buffers when non-round numbers are passed in input
I would like to report an uninitialized Buffer allocation issue in put. It allows to extract sensitive data from uninitialized memory by passing in non-round numbers, in setups where typed user input can be passed e.g. from JSON. Module module name: put version: 0.0.6 npm page:...
CVE-2018-7651
The CVE-2018-7651 entry concerns the Node.js ssri module. Affected component: index.js in ssri prior to 5.2.2. Root cause: a regular expression denial of service (ReDoS) in strict mode triggered by a long base64 hash string. Impact: potential DoS condition; no exploitation specifics provided in t...
CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
Node.js third-party modules: `utile` allocates uninitialized Buffers when number is passed in input
I would like to report an uninitialized Buffer allocation issue in utile. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: utile version: 0.3.0 npm page:...
Node.js third-party modules: `base64-url` below 2.0 allocates uninitialized Buffers when number is passed in input
I would like to report an uninitialized Buffer allocation issue in base64-url. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: base64-url version: 1.3.3...
Node.js third-party modules: `base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below
I would like to report an uninitialized Buffer allocation issue in base64url. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON, on Node.js 4.x and lower. Module module name:...
Node.js third-party modules: `atob` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below
I would like to report an uninitialized Buffer allocation issue in atob. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON, on Node.js 4.x and lower. Module module name: atob...