Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)

Релизный цикл, информация об уязвимостях

Продукт: Node.js

Вендор: nodejs

График релизов

Недавние уязвимости Node.js

Количество 1 009

CVE-2016-2216

около 9 лет назад

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...

CVSS3: 7.5

EPSS: Низкий

CVE-2016-2086

около 9 лет назад

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-2086

около 9 лет назад

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0 ...

CVSS3: 7.5

EPSS: Низкий

CVE-2016-2216

около 9 лет назад

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-2086

около 9 лет назад

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-3956

около 9 лет назад

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.

CVSS2: 4.3

EPSS: Низкий

CVE-2016-0797

больше 9 лет назад

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

CVSS3: 7.5

EPSS: Средний

CVE-2016-0797

больше 9 лет назад

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 be ...

CVSS3: 7.5

EPSS: Средний

CVE-2016-0702

больше 9 лет назад

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.

CVSS3: 5.1

EPSS: Низкий

CVE-2016-0702

больше 9 лет назад

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in O ...

CVSS3: 5.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-2216 The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...	CVSS3: 7.5	2% Низкий	около 9 лет назад
CVE-2016-2086 Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.	CVSS3: 7.5	0% Низкий	около 9 лет назад
CVE-2016-2086 Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0 ...	CVSS3: 7.5	0% Низкий	около 9 лет назад
CVE-2016-2216 The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.	CVSS3: 7.5	2% Низкий	около 9 лет назад
CVE-2016-2086 Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.	CVSS3: 7.5	0% Низкий	около 9 лет назад
CVE-2016-3956 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.	CVSS2: 4.3	2% Низкий	около 9 лет назад
CVE-2016-0797 Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.	CVSS3: 7.5	31% Средний	больше 9 лет назад
CVE-2016-0797 Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 be ...	CVSS3: 7.5	31% Средний	больше 9 лет назад
CVE-2016-0702 The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.	CVSS3: 5.1	0% Низкий	больше 9 лет назад
CVE-2016-0702 The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in O ...	CVSS3: 5.1	0% Низкий	больше 9 лет назад

Уязвимостей на страницу