4306 matches found
CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
CVE-2019-15606
CVE-2019-15606 affects Node.js 10.x, 12.x and 13.x, where trailing whitespace in HTTP header values can bypass header-based authorization. Public disclosures in Debian (DSA-4669-1) and Gentoo (GLSA-202003-48) confirm multiple vulnerabilities including 15606; Elastic KB notes DoS/HTTP-smuggling implicati...
PT-2020-2534 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions 10 through 13. Description: The issue is related to insufficient input validation when processing HTTP headers in Node.js, allowing a remote attacker to gain full control over the application through various network protocols...
Node.js third-party modules: [nested-property] Prototype Pollution
Hi team, I would like to report a prototype pollution vulnerability in nested-property that allows an attacker to modify properties on Object.prototype. Module name: nested-property. Version: 1.0.4. npm page: https://www.npmjs.com/package/nested-property. Module Description: Read, write or test a data...
Low: Red Hat Enhancement Advisory: nodejs:12 enhancement update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. The following packages have been upgraded to a later upstream version: nodejs 12.14.1. BZ1791067...
12 enhancement update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The following packages have been upgraded to a later...
nodejs:12 enhancement update
The following packages have been upgraded to a later upstream version: nodejs 12.14.1. BZ1791067...
DVNA - Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASP Top 10 2017 vulnerabilities at...
Fedora 31 : 1:libuv / 1:nodejs (2020-595ce5e3cc)
Update to 12.14.1. Add new subpackage nodejs-full-i18n to provide non-English locale and Unicode support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
PT-2021-2152 · Node.Js +9
Name of the Vulnerable Software and Affected Versions: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1. Description: The issue is related to inconsistent interpretation of HTTP requests. This can lead to HTTP Request Smuggling when two copies of a header field are present in an HTTP...
PT-2020-4060 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 10.21.0, Node.js versions prior to 12.18.0, Node.js versions prior to 14.4.0. Description: The issue is related to memory corruption in the napi_get_value_string functions, specifically napi_get_value_string_latin1, nap...
SUSE-SU-2020:0104-1 Security update for nodejs10
This update for nodejs10 to version 10.18.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. - Added support for chacha20-poly1305 for Authenticated...
OPENSUSE-SU-2020:0059-1 Security update for nodejs8
This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. This update was imported from the SUSE:SLE-15:Update upda...
hot-formula-parser package for Node.js command injection vulnerability
hot-formula-parser package for Node.js is an Excel math formula parser for Node.js. A command injection vulnerability exists in grammar-parser.jison in the hot-formula-parser package for Node.js versions prior to 3.0.1. An attacker can use this vulnerability to execute arbitrary commands on the...
Node.js third-party modules: [blamer] RCE via insecure command formatting
I would like to report a RCE issue in the blamer module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: blamer version: 0.1.13 npm page: https://www.npmjs.com/package/blamer Module Description Blamer is a tool for get information about author of code...
CVE-2019-19919
A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this...
SUSE-SU-2020:0063-1 Security update for nodejs10
This update for nodejs10 to version 10.18.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. - Added support for chacha20-poly1305 for Authenticated...
Fedora Update for nodejs FEDORA-2019-7443ebda4b
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2020:0043-1 Security update for nodejs8
This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352...
Photon OS 1.0: Nodejs PHSA-2019-1.0-0257
An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0257. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid13252...