Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 064
GHSA-5726-g6r9-5f22
Potential for Script Injection in syntax-error
GHSA-q4qq-fm7q-cwp5
Multiple XSS Filter Bypasses in validator
GHSA-jjv7-qpx3-h62q
Denial-of-Service Memory Exhaustion in qs
CVE-2017-14919
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a den ...
CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
CVE-2017-14849
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-5726-g6r9-5f22 Potential for Script Injection in syntax-error | 44% Средний | больше 8 лет назад | |
| GHSA-q4qq-fm7q-cwp5 Multiple XSS Filter Bypasses in validator | CVSS3: 6.1 | 1% Низкий | больше 8 лет назад |
| GHSA-jjv7-qpx3-h62q Denial-of-Service Memory Exhaustion in qs | 3% Низкий | больше 8 лет назад | |
 | CVE-2017-14919 Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
 | CVE-2014-3744 Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | CVSS3: 7.5 | 55% Средний | больше 8 лет назад |
 | CVE-2014-3744 Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | CVSS3: 7.5 | 55% Средний | больше 8 лет назад |
| CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
| CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a den ... | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
| CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
| CVE-2017-14849 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | CVSS3: 7.5 | 90% Критический | больше 8 лет назад |
Уязвимостей на страницу