4309 matches found
CVE-2021-21413
CVE-2021-21413 affects the isolated-vm library for Node.js prior to v4.0.0. The issue arises from API pitfalls where exposed Reference objects can reveal a reference to the nodejs context’s Function object and potentially the prototype chain, enabling attacks that could modify API objects or acce...
CVE-2021-28918
A flaw was found in nodejs-netmask. Octal input data may lead to a server-side request forgery, remote file inclusion, local file inclusion, and other vulnerabilities. The highest threat from this vulnerability is to data integrity...
isolated-vm 安全漏洞
Marcel Laverdet isolated-vm is a Marcel Laverdet open source application. Library for nodejs with access to v8's Isolate interface. A security vulnerability exists in isolated-vm, which stems from an API flaw that can be exploited by an attacker to obtain references to function objects in a nodej...
CVE-2021-23358
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2017-16099
A flaw was found in nodejs-no-case, where the no-case module is vulnerable to a regular expression denial of service. This issue occurs when malicious untrusted user input is passed into no-case and blocks the event loop, resulting in a denial of service. The highest threat from this vulnerabilit...
nodejs-angular: XSS due to regex-based HTML replacement
A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
nodejs-angular: XSS due to regex-based HTML replacement
A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
nodejs-angular: XSS due to regex-based HTML replacement
A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
nodejs-angular: XSS due to regex-based HTML replacement
A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.6 security update
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Photon OS 2.0: Nodejs PHSA-2021-2.0-0330
An update of the nodejs package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0330. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid14795...
Fedora: Security Advisory for nodejs (FEDORA-2021-6aaba80ba2)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-3WJ8-VP9H-RM6M total.js Remote Code Execution Vulnerability
total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Remote Code Execution RCE via set. PoC js // To be ru...
CVE-2018-3774
A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0330
An update of 'nodejs' packages of Photon OS has been released...
Important Photon OS Security Update - PHSA-2021-0330
Updates of 'nodejs' packages of Photon OS have been released...
USN-4796-1 nodejs vulnerabilities
Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...
USN-4776-1 node-semver vulnerability
It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
Important: Red Hat Security Advisory: rh-nodejs12-nodejs security update
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...