Node.js third-party modules: `stringstream` allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below

I would like to report n uninitialized Buffer allocation issue in stringstream. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed to the stream e.g. from JSON, on Node.js 4.x and lower. Modu...

Node.js third-party modules: `http-proxy-agent` passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak

I would like to report a Buffer allocation vulnerability in http-proxy-agent. In setups where auth argument is user-controlled, it allows to: cause Denial of Service by trivially consuming all the available CPU resources extract uninitialized memory chunks from the server on Node.js This module...

Elastic Kibana 'CVE-2017-11499' DoS Vulnerability - Windows

Elastic Kibana is shipping a version of Node.js which is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Elastic Kibana 'CVE-2017-11499' DoS Vulnerability - Linux

Elastic Kibana is shipping a version of Node.js which is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Node.js third-party modules: [hekto] open redirect when target domain name is used as html filename on server

Hi, There is an open redirect in hekto when target domain name is used as html filename on server. Module module name: hekto version: 0.2.3 npm page: https://www.npmjs.com/package/hekto Module Description This package exposes a directory and its children to create, read, update, and delete...

Node.js third-party modules: `foreman` is vulnerable to ReDoS in path

I would like to report ReDoS in foreman. It allows to cause denial of service by suppling a crafted path. Module module name: foreman version: 2.0.0 npm page: https://www.npmjs.com/package/foreman Module Description Node Foreman is a Node.js version of the popular Foreman tool, with a few Node...

Node.js third-party modules: `npmconf` (and `npm` js api) allocate and write to disk uninitialized memory content when a typed number is passed as input on Node.js 4.x

I would like to report a Buffer allocation issue in npmconf and npm package js api. It allows to extract sensitive content from uninitialized memory by passing typed input to setCredentialsByURI, limited to Node.js 4.x and below. Module module name: npmconf version: 2.1.2 npm page:...

Node.js third-party modules: `concat-with-sourcemaps` allocates uninitialized Buffers when number is passed as a separator

I would like to report an uninitialized Buffer allocation issue in concat-with-sourcemaps. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in unlikely setups where separator is attacker-controlled. Module module name:...

Node.js third-party modules: `useragent` is vulnerable to ReDoS in user-agent string

Denial of Service by passing crafted user-agent strings...

Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)

PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install the latest version of node from nodejs.org 2. Clone this...

Node.js third-party modules: `superstatic` is vulnerable to path traversal on Windows

I would like to report path traversal vulnerability in superstatic It allows to read arbitrary out-of-dir files when running on the Windows platform Module module name: superstatic version: 5.0.1 npm page: https://www.npmjs.com/package/superstatic Module Description Superstatic is an enhanced...

Node.js third-party modules: `memjs` allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage

I would like to report a Buffer allocation vulnerability in memjs. In cases when the attacker is able to pass typed input e.g. via JSON to the storage, it allows to cause DoS on all Node.js versions and to store and potentially later extract chunks of uninitialized server memory containing...

Node.js third-party modules: [m-server] Path Traversal allows to display content of arbitrary file(s) from the server

I would like to report Path Traversal in m-server module. It allows to read content of any arbitrary file from the server where m-server is installed and run. Module module name: m-server version: 1.4.0 npm page: https://www.npmjs.com/package/m-server Module Description M-Server is a mini http...

Node.js third-party modules: [m-server] HTML Injection in filenames displayed as directory listing in the browser allows to embed iframe with malicious JavaScript code

I would like to report Stored XSS vulnerability in m-server module. m-server displays content of selected directory as HTML in the browser. However, no escape is implemented which allows malicious user to embed executable JavaScript or HTML code eg. to load HTML document into iframe element and...

Node.js third-party modules: `rgb2hex` is vulnerable to ReDoS when parsing crafted invalid colors

I would like to report a ReDoS in rgb2hex. It allows to cause Denial of Service by trying to parse a crafted color string. Module module name: rgb2hex version: 0.1.0 npm page: https://www.npmjs.com/package/rgb2hex Module Description Parse any rgb or rgba string into a hex color. Lightweight...

Node.js third-party modules: `sshpk` is vulnerable to ReDoS when parsing crafted invalid public keys

I would like to report a ReDoS in sshpk It allows to cause Denial of Service by trying to parse a crafted public key. Module module name: sshpk version: 1.13.1 npm page: https://www.npmjs.com/package/sshpk Module Description Parse, convert, fingerprint and use SSH keys both public and private in...

Node.js third-party modules: `protobufjs` is vulnerable to ReDoS when parsing crafted invalid *.proto files

I would like to report a ReDoS in protobufjs It allows to cause Denial of Service by trying to parse or load a crafted .proto file. Module module name: protobufjs version: 6.8.5 npm page: https://www.npmjs.com/package/MODULE NAME Module Description Protocol Buffers are a language-neutral,...

Node.js third-party modules: `https-proxy-agent` passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak

I would like to report a Buffer allocation vulnerability in https-proxy-agent. In setups where auth argument is user-controlled, it allows to: 1. cause Denial of Service by trivially consuming all the available CPU resources 2. extract uninitialized memory chunks from the server on Node.js This...

Node.js third-party modules: `whereis` concatenates unsanitized input into exec() command

I would like to report command injection in whereis It allows to inject arbitrary shell commands by trying to locate crafted filenames. Module module name: whereis version: 0.4.0 npm page: https://www.npmjs.com/package/whereis Module Description Simply get the first path to a bin on any system...

Node.js third-party modules: [open] concatenation of unsanitized input into exec() command

I would like to report command injection in open. It allows to inject arbitrary shell commands by specifing crafted urls. Module module name: open version: 0.0.5 npm page: https://www.npmjs.com/package/open Module Description Open a file or url in the user's preferred application. Module Stats 31...