Node.js Security Vulnerabilities and Issues — Node.js CVE List | Vulners.com

Lucene search

K

NodejsNode.js

3 matches found

CVE•added 2016/10/03 3:59 p.m.•152 views

CVE-2016-5180

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

9.8CVSS9.8AI score0.21619EPSS

CVE•added 2016/10/10 4:59 p.m.•65 views

CVE-2016-5325

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

6.1CVSS6.7AI score0.00327EPSS

CVE•added 2016/10/10 4:59 p.m.•60 views

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

5.9CVSS6AI score0.00703EPSS