Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 020
SUSE-SU-2021:2790-1
Security update for nodejs8
BDU:2022-00760
Уязвимость реализации функции console.table() программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании или обойти ограничения безопасности
openSUSE-SU-2021:1168-1
Security update for c-ares
SUSE-SU-2021:2760-1
Security update for c-ares
openSUSE-SU-2021:2760-1
Security update for c-ares
CVE-2021-22940
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CVE-2021-22940
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...
CVE-2021-22939
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
CVE-2021-22939
If the Node.js https API was used incorrectly and "undefined" was in p ...
CVE-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2021:2790-1 Security update for nodejs8 | 0% Низкий | около 4 лет назад | |
 | BDU:2022-00760 Уязвимость реализации функции console.table() программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании или обойти ограничения безопасности | CVSS3: 3.7 | 0% Низкий | около 4 лет назад |
| openSUSE-SU-2021:1168-1 Security update for c-ares | 0% Низкий | около 4 лет назад | |
| SUSE-SU-2021:2760-1 Security update for c-ares | 0% Низкий | около 4 лет назад | |
| openSUSE-SU-2021:2760-1 Security update for c-ares | 0% Низкий | около 4 лет назад | |
 | CVE-2021-22940 Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-22940 Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ... | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-22939 If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-22939 If the Node.js https API was used incorrectly and "undefined" was in p ... | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. | CVSS3: 9.8 | 1% Низкий | около 4 лет назад |
Уязвимостей на страницу