2 matches found
CVE-2018-7159
CVE-2018-7159 affects the Node.js http-parser component: the HTTP parser ignores spaces in Content-Length, allowing Content-Length: 1 2 to be treated as 12. The risk is described as very low in the CVE entry, with exploitation considered difficult. Connected sources confirm this affects http-pars...
CVE-2018-7158
CVE-2018-7158: Node.js path module ReDoS vulnerability affecting the 4.x release line; crafted file paths in path.dirname, path.extname, path.parse can cause excessive evaluation time. Fixed in Node.js 6.x+; IBM advisories for IBM SDK for Node.js (6.x and 8.x) indicate remediation via upgrading t...