4323 matches found
CVE-2022-32213 affecting package nodejs 14.18.3-1
CVE-2022-32213 affecting package nodejs 14.18.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32214 affecting package nodejs 14.18.3-1
CVE-2022-32214 affecting package nodejs 14.18.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32212 affecting package nodejs 14.18.3-1
CVE-2022-32212 affecting package nodejs 14.18.3-1. An upgraded version of the package is available that resolves this issue...
MAL-2022-5563 Malicious code in quest-bee-nodejs (npm)
Source: ghsa-malware 554817dcee33cd9d1832a7cf89456ca2d38f2c4f6e0c454f135842c0d2473aaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in quest-bee-nodejs (npm)
Source: ghsa-malware 554817dcee33cd9d1832a7cf89456ca2d38f2c4f6e0c454f135842c0d2473aaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
NodeJS System Information Library Command Injection (CVE-2021-21315)
Binary data nodejscve-2021-21315.nbin...
Internet Bug Bounty: CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type
The undici library should protect HTTP headers from CRLF injection vulnerabilities. However, CRLF injection exists in the ‘content-type’ header of the undici.request API. Impact = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more...
Malicious Package
Overview: performance-quality-models-nodejs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...
CVE-2022-37434
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
GHSA-2CPX-6PQP-WF35 fs2-io skips mTLS client verification
Impact: When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...
CVE-2016-4991
Input passed to the Pdf function is shell escaped and passed to child_process.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....
Important Photon OS Security Update - PHSA-2022-3.0-0426
Updates of 'nodejs' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2022-0426
Updates of 'nodejs' packages of Photon OS have been released...
js-ini Security Vulnerability
js-ini is a Node.js package for encoding/decoding ini-like strings from the Russian individual developer Denis. A security vulnerability exists in versions of js-ini prior to 1.3.0 that stems from the package's susceptibility to prototype pollution, which can be exploited by an attacker to...
Malicious code in nodejs-email (npm)
Source: ghsa-malware 3b97dc984fb1029ce10f445896e79f414c5d13f44ed4212c2441dfd4c7aece0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Apache SkyWalking Denial of Service Vulnerability
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...
nodejs: Certificate Verification Bypass via String Injection
It was found that node.js did not properly read the x509 certificate generalName format, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...
Important: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes and Enhancements: nodejs:12/nodejs: rebase...
nodejs: Improper handling of URI Subject Alternative Names
A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...
GHSA-8GPG-466C-5CPJ Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header
A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and the NodeJS agent can't establish the connection...