Количество 11
Количество 11
BDU:2020-05657
Уязвимость программной платформы Node.js, связанная с ошибкой обработки имен HTTP - заголовка, позволяющая нарушителю получить доступ к защищаемой информации или повысить свои привилегии
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ...
GHSA-7mcp-gwc2-4c6m
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
openSUSE-SU-2020:1616-1
Security update for nodejs12
SUSE-SU-2020:2813-1
Security update for nodejs12
SUSE-SU-2020:2812-1
Security update for nodejs12
RLSA-2020:4272
Moderate: nodejs:12 security and bug fix update
ELSA-2020-4272
ELSA-2020-4272: nodejs:12 security and bug fix update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2020-05657 Уязвимость программной платформы Node.js, связанная с ошибкой обработки имен HTTP - заголовка, позволяющая нарушителю получить доступ к защищаемой информации или повысить свои привилегии | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
 | CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
 | CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
 | CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
| CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ... | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
| GHSA-7mcp-gwc2-4c6m Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | около 3 лет назад |
 | openSUSE-SU-2020:1616-1 Security update for nodejs12 | больше 4 лет назад | ||
| SUSE-SU-2020:2813-1 Security update for nodejs12 | больше 4 лет назад | ||
| SUSE-SU-2020:2812-1 Security update for nodejs12 | больше 4 лет назад | ||
 | RLSA-2020:4272 Moderate: nodejs:12 security and bug fix update | больше 4 лет назад | ||
| ELSA-2020-4272 ELSA-2020-4272: nodejs:12 security and bug fix update (MODERATE) | больше 4 лет назад |
Уязвимостей на страницу