7863 matches found

Cvelist
added 2014/10/19 1:0 a.m. | 25 views

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...

AI score: 8.2 | EPSS: 0.0069
Exploits: 0 | References: 10

CVE
added 2014/10/19 1:0 a.m. | 78 views

CVE-2014-7191

CVE-2014-7191 affects the qs module in Node.js, where the qs parser fails to compact third-party array data, enabling memory exhaustion under crafted deeply-nested inputs (DoS). Public IBM advisories map the vulnerability to IBM Security Verify Governance (and related tools) and to Cordova-based ...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0069
Exploits: 0 | References: 10 | Affected Software: 1

NVD
added 2014/10/08 5:55 p.m. | 17 views

CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

CVSS: 7.5 | AI score: 3.7 | EPSS: 0.04842
Exploits: 1 | References: 15

NVD
added 2014/10/08 5:55 p.m. | 10 views

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors...

CVSS: 10 | AI score: 7.7 | EPSS: 0.84242
Exploits: 6 | References: 6

OSV
added 2014/10/08 5:55 p.m. | 6 views

CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

AI score: 6.3
Exploits: 0 | References: 15

Prion
added 2014/10/08 5:55 p.m. | 11 views

Design/Logic Flaw

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors...

CVSS: 10 | AI score: 8.2 | EPSS: 0.84242
Exploits: 6 | References: 6 | Affected Software: 1

UbuntuCve
added 2014/10/08 5:55 p.m. | 31 views

CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.04842
Exploits: 1 | References: 2

Prion
added 2014/10/08 5:55 p.m. | 25 views

Design/Logic Flaw

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.04842
Exploits: 1 | References: 15 | Affected Software: 3

CVE
added 2014/10/08 5:0 p.m. | 60 views

CVE-2014-7205

The Bassmaster Node.js plugin for the Hapi server contains CVE-2014-7205: an eval-based injection in the internals.batch function (lib/batch.js) before version 1.5.2, enabling remote arbitrary JavaScript execution. Documents show affected version range is bassmaster

CVSS: 10 | AI score: 7.9 | EPSS: 0.84242
Exploits: 6 | References: 6 | Affected Software: 1

CVE
added 2014/10/08 5:0 p.m. | 70 views

CVE-2014-6394

The CVE-2014-6394 entry concerns visionmedia send before 0.8.4 for Node.js. The vulnerability arises from a partial directory-root verification, which can allow a remote attacker to escape the intended restricted directory and access files such as those under a public-restricted path (e.g., publi...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.04842
Exploits: 1 | References: 15 | Affected Software: 1

Cvelist
added 2014/10/08 5:0 p.m. | 17 views

CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

AI score: 6.2 | EPSS: 0.04842
Exploits: 1 | References: 15

Debian CVE
added 2014/10/08 5:0 p.m. | 22 views

CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

CVSS: 7.5 | AI score: 4.6 | EPSS: 0.04842
Exploits: 1

Cvelist
added 2014/10/08 5:0 p.m. | 18 views

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors...

AI score: 7.7 | EPSS: 0.84242
Exploits: 6 | References: 6

Tenable Nessus
added 2014/10/06 12:0 a.m. | 31 views

Fedora 20 : nodejs-send-0.3.0-4.fc20 (2014-11421)

When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example, staticdirname + '/public' would allow access to dirname + '/public-restricted'...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.04842
Exploits: 1 | References: 4

Tenable Nessus
added 2014/09/29 12:0 a.m. | 47 views

Fedora 20 : nodejs-0.10.32-1.fc20 / v8-3.14.5.10-14.fc20 (2014-11065)

This update provides the latest stable version of Node.js and corresponding backports to the v8 package. This update resolves CVE-2013-6668, which has only a minor impact since Node.js is not typically used to execute untrusted JavaScript. For more information on the fixed vulnerability, please s...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.1282
Exploits: 1 | References: 4

Tenable Nessus
added 2014/09/29 12:0 a.m. | 35 views

Fedora 19 : nodejs-0.10.32-1.fc19 / v8-3.14.5.10-14.fc19 (2014-10975)

This update provides the latest stable version of Node.js and corresponding backports to the v8 package. This update resolves CVE-2013-6668, which has only a minor impact since Node.js is not typically used to execute untrusted JavaScript. For more information on the fixed vulnerability, please s...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.1282
Exploits: 1 | References: 4

Tenable Nessus
added 2014/09/29 12:0 a.m. | 32 views

Fedora 21 : nodejs-0.10.32-1.fc21 / v8-3.14.5.10-14.fc21 (2014-11132)

This update provides the latest stable version of Node.js and corresponding backports to the v8 package. This update resolves CVE-2013-6668, which has only a minor impact since Node.js is not typically used to execute untrusted JavaScript. For more information on the fixed vulnerability, please s...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.1282
Exploits: 1 | References: 4

Fedora
added 2014/09/28 4:29 a.m. | 34 views

[SECURITY] Fedora 20 Update: nodejs-0.10.32-1.fc20

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.1282
Exploits: 1

Fedora
added 2014/09/28 4:26 a.m. | 32 views

[SECURITY] Fedora 19 Update: nodejs-0.10.32-1.fc19

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.1282
Exploits: 1

Fedora
added 2014/09/27 9:48 a.m. | 35 views

[SECURITY] Fedora 21 Update: nodejs-0.10.32-1.fc21

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.1282
Exploits: 1