Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)

Релизный цикл, информация об уязвимостях

Продукт: Node.js

Вендор: nodejs

График релизов

Недавние уязвимости Node.js

Количество 1 090

CVE-2014-3744

больше 8 лет назад

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.

CVSS3: 7.5

EPSS: Высокий

CVE-2014-3744

больше 8 лет назад

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.

CVSS3: 7.5

EPSS: Высокий

CVE-2015-7384

больше 8 лет назад

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.

CVSS3: 7.5

EPSS: Низкий

CVE-2015-7384

больше 8 лет назад

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a den ...

CVSS3: 7.5

EPSS: Низкий

CVE-2015-7384

больше 8 лет назад

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.

CVSS3: 7.5

EPSS: Низкий

CVE-2017-14849

больше 8 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

CVSS3: 7.5

EPSS: Критический

CVE-2017-14849

больше 8 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...

CVSS3: 7.5

EPSS: Критический

CVE-2017-14849

больше 8 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

CVSS3: 7.5

EPSS: Критический

CVE-2015-2927

больше 8 лет назад

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

CVSS3: 6.5

EPSS: Низкий

CVE-2015-2927

больше 8 лет назад

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause ...

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2014-3744 Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.	CVSS3: 7.5	78% Высокий	больше 8 лет назад
CVE-2014-3744 Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.	CVSS3: 7.5	78% Высокий	больше 8 лет назад
CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.	CVSS3: 7.5	1% Низкий	больше 8 лет назад
CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a den ...	CVSS3: 7.5	1% Низкий	больше 8 лет назад
CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.	CVSS3: 7.5	1% Низкий	больше 8 лет назад
CVE-2017-14849 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.	CVSS3: 7.5	90% Критический	больше 8 лет назад
CVE-2017-14849 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...	CVSS3: 7.5	90% Критический	больше 8 лет назад
CVE-2017-14849 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.	CVSS3: 7.5	90% Критический	больше 8 лет назад
CVE-2015-2927 node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).	CVSS3: 6.5	1% Низкий	больше 8 лет назад
CVE-2015-2927 node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause ...	CVSS3: 6.5	1% Низкий	больше 8 лет назад

Уязвимостей на страницу