Количество 35
Количество 35
SUSE-SU-2020:2870-1
Security update for nodejs8
GHSA-93f3-23rq-pjfp
npm CLI exposing sensitive information through logs
CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions bef ...
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ...
SUSE-SU-2020:2800-1
Security update for nodejs8
GHSA-ff7x-qrg7-qggm
dot-prop Prototype Pollution vulnerability
BDU:2021-02884
Уязвимость библиотеки dot-prop прикладного программного обеспечения Аврора Центр, связанная с неконтролируемым изменением атрибутов прототипа объекта, позволяющая нарушителю реализовать атаку типа «загрязнение прототипа»
GHSA-7mcp-gwc2-4c6m
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
BDU:2020-05657
Уязвимость программной платформы Node.js, связанная с ошибкой обработки имен HTTP - заголовка, позволяющая нарушителю получить доступ к защищаемой информации или повысить свои привилегии
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2020:2870-1 Security update for nodejs8 | 0% Низкий | больше 4 лет назад | |
| GHSA-93f3-23rq-pjfp npm CLI exposing sensitive information through logs | CVSS3: 4.4 | 0% Низкий | почти 5 лет назад |
 | CVE-2020-8116 Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
 | CVE-2020-8116 Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
 | CVE-2020-8116 Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-8116 Prototype pollution vulnerability in dot-prop npm package versions bef ... | CVSS3: 7.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
| CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
| CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
| CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ... | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
| SUSE-SU-2020:2800-1 Security update for nodejs8 | больше 4 лет назад | ||
| GHSA-ff7x-qrg7-qggm dot-prop Prototype Pollution vulnerability | CVSS3: 7.3 | 0% Низкий | почти 5 лет назад |
 | BDU:2021-02884 Уязвимость библиотеки dot-prop прикладного программного обеспечения Аврора Центр, связанная с неконтролируемым изменением атрибутов прототипа объекта, позволяющая нарушителю реализовать атаку типа «загрязнение прототипа» | CVSS3: 7.3 | 0% Низкий | около 4 лет назад |
| GHSA-7mcp-gwc2-4c6m Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | около 3 лет назад |
| BDU:2020-05657 Уязвимость программной платформы Node.js, связанная с ошибкой обработки имен HTTP - заголовка, позволяющая нарушителю получить доступ к защищаемой информации или повысить свои привилегии | CVSS3: 7.4 | 1% Низкий | почти 5 лет назад |
Уязвимостей на страницу