Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 009
CVE-2015-2927
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ...
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
openSUSE-SU-2017:1857-1
Security update for libcares2
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for pars ...
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
SUSE-SU-2017:1792-1
Security update for libcares2
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-2927 node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | CVSS3: 6.5 | 1% Низкий | почти 8 лет назад |
 | CVE-2017-11499 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
| CVE-2017-11499 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ... | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
| CVE-2017-11499 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
 | openSUSE-SU-2017:1857-1 Security update for libcares2 | 1% Низкий | около 8 лет назад | |
 | CVE-2017-11499 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
| CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
| CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for pars ... | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
| CVE-2017-1000381 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | CVSS3: 7.5 | 1% Низкий | около 8 лет назад |
| SUSE-SU-2017:1792-1 Security update for libcares2 | 1% Низкий | около 8 лет назад |
Уязвимостей на страницу