Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 090
CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers ...
CVE-2013-7451
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CVE-2013-7451
The validator module before 1.1.0 for Node.js allows remote attackers ...
CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2013-7451
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVE-2013-7454
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVE-2013-7453
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
CVE-2014-9772
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2013-7452 The validator module before 1.1.0 for Node.js allows remote attackers ... | CVSS3: 6.1 | 1% Низкий | около 9 лет назад |
 | CVE-2013-7451 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. | CVSS3: 6.1 | 1% Низкий | около 9 лет назад |
| CVE-2013-7451 The validator module before 1.1.0 for Node.js allows remote attackers ... | CVSS3: 6.1 | 1% Низкий | около 9 лет назад |
 | CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | CVSS3: 7.5 | 0% Низкий | около 9 лет назад |
| CVE-2013-7451 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. | CVSS3: 6.1 | 1% Низкий | около 9 лет назад |
| CVE-2015-8855 The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | CVSS3: 7.5 | 1% Низкий | около 9 лет назад |
| CVE-2013-7454 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. | CVSS3: 6.1 | 0% Низкий | около 9 лет назад |
| CVE-2013-7453 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. | CVSS3: 6.1 | 0% Низкий | около 9 лет назад |
| CVE-2014-9772 The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | CVSS3: 6.1 | 0% Низкий | около 9 лет назад |
| CVE-2013-7452 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. | CVSS3: 6.1 | 1% Низкий | около 9 лет назад |
Уязвимостей на страницу