CVE-2022-43548
CVE-2022-43548 affects Node.js and is caused by an insufficient IsAllowedHost check, allowing rebinding attacks via invalid IP addresses (notably octal formats) when using --inspect. Impact is DNS rebinding leading to potential code execution in affected environments. Affected versions include No...
CVE-2023-23918
CVE-2023-23918 affects Node.js runtimes prior to certain fixed releases (examples from connected docs include Node.js 14.21.3, 16.19.1, 18.14.2; some entries reference 18.19.x as fixed). The vulnerability allows bypassing the experimental Permissions feature when enabled with --experimental-polic...
CVE-2023-23920
CVE-2023-23920 is an untrusted search path vulnerability in Node.js that can allow ICU data loading when run with elevated privileges. The initial entry specifies affected versions as <19.6.1, <18.14.1, <16.19.1, and
CVE-2023-23919
CVE-2023-23919 is a Node.js OpenSSL error handling vulnerability where the OpenSSL error stack may not be cleared after certain cryptographic operations, potentially enabling a denial of service on affected threads. Concrete details across connected docs show affected versions include Node.js rel...