Lucene search
+L

6 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/17 12:0 a.m.36 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:1309-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1309-1 advisory. Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session...

8.2CVSS7AI score0.87211EPSS
Exploits3References16
Debian CVE
Debian CVE
added 2024/04/04 3:15 p.m.30 views

CVE-2024-30260

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

4.3CVSS6.1AI score0.00734EPSS
Exploits0
CVE
CVE
added 2024/04/04 3:9 p.m.133 views

CVE-2024-30261

CVE-2024-30261 affects Undici (the HTTP/1.1 client used by Node.js). The issue lets an attacker modify the integrity option passed to fetch(), causing fetch() to accept tampered requests. It has been patched in Undici versions 5.28.4 and 6.11.1. Affected Node.js ecosystems (via Undici) may need u...

3.5CVSS4.2AI score0.00803EPSS
Exploits1References8Affected Software1
Debian CVE
Debian CVE
added 2024/02/16 9:42 p.m.16 views

CVE-2024-24750

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

6.5CVSS6.3AI score0.007EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/14 12:0 a.m.46 views

RHEL 8 : nodejs:20 (RHSA-2023:7205)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7205 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS7.5AI score0.99999EPSS
Exploits19References15
UbuntuCve
UbuntuCve
added 2022/07/19 9:15 p.m.43 views

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

6.5CVSS6.7AI score0.01391EPSS
Exploits1References4
Rows per page
Query Builder