4303 matches found

OpenVAS
added 2017/10/27 12:0 a.m., 19 views

Fedora Update for nodejs-forwarded FEDORA-2017-afb05e0873

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 2

OpenVAS
added 2017/10/27 12:0 a.m., 14 views

Fedora Update for nodejs-forwarded FEDORA-2017-042c59fab9

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2017/10/26 12:0 a.m., 19 views

Fedora 26 : nodejs-forwarded (2017-afb05e0873)

Update to upstream 0.1.2 release for security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.4 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2017/10/26 12:0 a.m., 23 views

Fedora 25 : nodejs-forwarded (2017-042c59fab9)

Update to upstream 0.1.2 release for security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.4 AI score
Exploits: 0, References: 1

Fedora
added 2017/10/25 11:17 p.m., 12 views

[SECURITY] Fedora 26 Update: nodejs-forwarded-0.1.2-1.fc26

Parse HTTP X-Forwarded-For header...

0.5 AI score
Exploits: 0

Fedora
added 2017/10/25 9:23 p.m., 10 views

[SECURITY] Fedora 25 Update: nodejs-forwarded-0.1.2-1.fc25

Parse HTTP X-Forwarded-For header...

0.5 AI score
Exploits: 0

RedHat Linux
added 2017/10/18 4:57 p.m., 1 view

nodejs-tough-cookie: Regular expression denial of service

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...

7.5 CVSS, 7.1 AI score, 0.03942 EPSS
Exploits: 0, References: 5

Veracode
added 2017/09/29 5:32 p.m., 9 views

Command Injection In NodeJS Debugger

NodeJS is vulnerable to command injection. The debugger listens on "any" address instead of 127.0.0.1 by default...

7.3 AI score
Exploits: 0

Packet Storm
added 2017/09/26 12:0 a.m., 48 views

NodeJS Debugger Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "NodeJS Debugger Command Injection", 'Description' = %q This module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 t...

0.2 AI score
Exploits: 0

Exploit DB
added 2017/09/26 12:0 a.m., 83 views

NodeJS Debugger - Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "NodeJS Debugger Command Injection", 'Description' = %q This module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 t...

7 AI score
Exploits: 0

0day.today
added 2017/09/26 12:0 a.m., 24 views

NodeJS Debugger Command Injection Exploit

This Metasploit module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via...

7.1 AI score
Exploits: 0

RedHat Linux
added 2017/09/07 2:30 p.m., 1 view

nodejs-qs: Prototype override protection bypass

It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties such as toString or hasOwnProperty, resulting in a denial of service when the overwritten function...

7.5 CVSS, 7.1 AI score, 0.00808 EPSS
Exploits: 0, References: 5

Metasploit
added 2017/09/07 5:29 a.m., 24 views

NodeJS Debugger Command Injection

This module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via misconfiguration. Th...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2017/08/18 12:0 a.m., 24 views

openSUSE Security Update : nodejs4 / nodejs6 (openSUSE-2017-948)

This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946)...

7.5 CVSS, 7.7 AI score, 0.00545 EPSS
Exploits: 1, References: 17

CNVD
added 2017/08/17 12:0 a.m., 2 views

Joyent Node.js Express web framework cross-site scripting vulnerability

Joyent Node.js is a web application platform from the US company Joyent, built on top of the Google V8 JavaScript engine. Express is a lightweight web framework. A cross-site scripting vulnerability exists in Joyent Node.js in the Express web framework versions...

6.1 CVSS, 5.9 AI score, 0.0029 EPSS
Exploits: 0, References: 1

OpenVAS
added 2017/08/04 12:0 a.m., 25 views

Fedora Update for nodejs FEDORA-2017-7c1621d2e8

The remote host is missing an update for the...

7.5 CVSS, 7.8 AI score, 0.0042 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2017/07/27 12:0 a.m., 23 views

Fedora 25 : 1:nodejs (2017-81522ac6d8)

Security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

7.5 CVSS, 7.5 AI score, 0.0042 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2017/07/27 12:0 a.m., 24 views

Fedora 24 : 1:nodejs (2017-aa44293a53)

Security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

7.5 CVSS, 7.5 AI score, 0.0042 EPSS
Exploits: 0, References: 3

Elastic
added 2017/07/25 4:20 p.m., 1 view

Elastic Stack 5.5.1 and Kibana 4.6.5 security update

Kibana Node.js security flaw (ESA-2017-14): The version of Node.js shipped in all versions of Kibana prior to 5.5.1 contains a Denial of Service flaw in its HashTable random seed. This flaw could allow a remote attacker to consume resources within Node.js preventing Kibana from servicing requests...

7.5 CVSS, 7.8 AI score, 0.00545 EPSS
Exploits: 1

OSV
added 2017/07/25 1:29 p.m., 2 views

DEBIAN-CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...

7.5 CVSS, 8.5 AI score, 0.00545 EPSS
Exploits: 1, References: 1