Node.js is a software platform based on the V8 engine (which compiles JavaScript to machine code)
Release cycle, vulnerability information
Release schedule
Count: 1 065
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2017-15897 Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. | CVSS3: 3.7 | 1% Low | about 8 years ago |
| BDU:2021-03037 Vulnerability in the AVX2 Montgomery procedure of the OpenSSL library that allows an attacker to gain unauthorized access to protected information | CVSS3: 5.9 | 14% Medium | about 8 years ago |
| CVE-2017-14919 Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | CVSS3: 7.5 | 1% Low | more than 8 years ago |
| CVE-2017-14919 Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows r ... | CVSS3: 7.5 | 1% Low | more than 8 years ago |
| CVE-2017-14919 Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | CVSS3: 7.5 | 1% Low | more than 8 years ago |
| GHSA-qpjp-7rp2-9c3f Moderate severity vulnerability that affects validator | CVSS3: 6.1 | 1% Low | more than 8 years ago |
| GHSA-jjv7-qpx3-h62q Denial-of-Service Memory Exhaustion in qs | | 3% Low | more than 8 years ago |
| GHSA-q4qq-fm7q-cwp5 Multiple XSS Filter Bypasses in validator | CVSS3: 6.1 | 1% Low | more than 8 years ago |
| GHSA-gfjr-3jmm-4g9v Symlink Arbitrary File Overwrite in tar | CVSS3: 7.5 | 0% Low | more than 8 years ago |
| GHSA-5726-g6r9-5f22 Potential for Script Injection in syntax-error | | 44% Medium | more than 8 years ago |