Node.js@19.0.0 Security Vulnerabilities and Issues — Node.js@19.0.0 CVE List

Lucene search

NodejsNode.js19.0.0

3 matches found

CVE•added 2022/11/01 6:15 p.m.•1085 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verifi...

7.5CVSS8.2AI score0.85942EPSS

CVE•added 2022/11/01 6:15 p.m.•944 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verificat...

7.5CVSS8.1AI score0.17317EPSS

CVE•added 2022/12/05 10:15 p.m.•463 views

CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebind...

8.1CVSS8.4AI score0.00835EPSS