Node.js is a software platform based on the V8 engine (which compiles JavaScript to machine code)
Release cycle, vulnerability information
Release schedule
Count: 1 024
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2022-32222 A cryptographic vulnerability exists on Node.js on linux in versions o ... | CVSS3: 5.3 | 0% Low | about 3 years ago |
CVE-2022-32215 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | CVSS3: 6.5 | 88% High | about 3 years ago |
CVE-2022-32214 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). | CVSS3: 6.5 | 65% Medium | about 3 years ago |
CVE-2022-32213 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | CVSS3: 6.5 | 89% High | about 3 years ago |
CVE-2022-32212 An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests allowing rebinding attacks. | CVSS3: 8.1 | 0% Low | about 3 years ago |