Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 012
GHSA-86v4-9wq7-fx97
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
CVE-2023-30581
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
CVE-2023-30581
The use of __proto__ in process.mainModule.__proto__.require() can byp ...
CVE-2023-30581
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
SUSE-SU-2023:4492-1
Security update for nghttp2
SUSE-SU-2023:4295-1
Security update for nodejs10
BDU:2024-02798
Уязвимость HTTP-сервера программной платформы Node.js, позволяющая нарушителю обойти ограничения безопасности и вызвать отказ в обслуживании
SUSE-SU-2023:4200-1
Security update for nghttp2
SUSE-SU-2023:4199-1
Security update for nghttp2
RLSA-2023:5838
Important: nghttp2 security update
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-86v4-9wq7-fx97 The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVE-2023-30581 The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| CVE-2023-30581 The use of __proto__ in process.mainModule.__proto__.require() can byp ... | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVE-2023-30581 The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2023:4492-1 Security update for nghttp2 | 94% Критический | больше 1 года назад | |
| SUSE-SU-2023:4295-1 Security update for nodejs10 | 94% Критический | почти 2 года назад | |
 | BDU:2024-02798 Уязвимость HTTP-сервера программной платформы Node.js, позволяющая нарушителю обойти ограничения безопасности и вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| SUSE-SU-2023:4200-1 Security update for nghttp2 | 94% Критический | почти 2 года назад | |
| SUSE-SU-2023:4199-1 Security update for nghttp2 | 94% Критический | почти 2 года назад | |
 | RLSA-2023:5838 Important: nghttp2 security update | 94% Критический | почти 2 года назад |
Уязвимостей на страницу