Количество 93
Количество 93
SUSE-SU-2022:1694-1
Security update for nodejs8
SUSE-SU-2022:1466-1
Security update for nodejs12
SUSE-SU-2022:1462-1
Security update for nodejs14
SUSE-SU-2022:1461-1
Security update for nodejs12
SUSE-SU-2022:1459-1
Security update for nodejs14
ROS-20230504-03
Уязвимость nodejs-minimatch
GHSA-f8q6-p94x-37v3
minimatch ReDoS vulnerability
BDU:2023-02699
Уязвимость библиотеки minimatch программной платформы Node.js, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»
SUSE-SU-2022:1717-1
Security update for nodejs10
SUSE-SU-2023:0419-1
Security update for nodejs18
SUSE-SU-2023:0408-1
Security update for nodejs18
CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
CVE-2022-43548
CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions <14.21 ...
CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
CVE-2022-35256
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2022:1694-1 Security update for nodejs8 | около 3 лет назад | ||
| SUSE-SU-2022:1466-1 Security update for nodejs12 | больше 3 лет назад | ||
| SUSE-SU-2022:1462-1 Security update for nodejs14 | больше 3 лет назад | ||
| SUSE-SU-2022:1461-1 Security update for nodejs12 | больше 3 лет назад | ||
| SUSE-SU-2022:1459-1 Security update for nodejs14 | больше 3 лет назад | ||
 | ROS-20230504-03 Уязвимость nodejs-minimatch | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| GHSA-f8q6-p94x-37v3 minimatch ReDoS vulnerability | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | BDU:2023-02699 Уязвимость библиотеки minimatch программной платформы Node.js, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| SUSE-SU-2022:1717-1 Security update for nodejs10 | около 3 лет назад | ||
| SUSE-SU-2023:0419-1 Security update for nodejs18 | больше 2 лет назад | ||
| SUSE-SU-2023:0408-1 Security update for nodejs18 | больше 2 лет назад | ||
 | CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | CVSS3: 8.1 | 1% Низкий | больше 2 лет назад |
 | CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | CVSS3: 7.5 | 1% Низкий | почти 3 года назад |
 | CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | CVSS3: 8.1 | 1% Низкий | больше 2 лет назад |
 | CVSS3: 8.1 | 1% Низкий | больше 2 лет назад | |
| CVE-2022-43548 A OS Command Injection vulnerability exists in Node.js versions <14.21 ... | CVSS3: 8.1 | 1% Низкий | больше 2 лет назад |
| CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | CVSS3: 6.5 | 5% Низкий | больше 2 лет назад |
| CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | CVSS3: 6.5 | 5% Низкий | почти 3 года назад |
| CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | CVSS3: 6.5 | 5% Низкий | больше 2 лет назад |
| CVSS3: 6.5 | 5% Низкий | больше 2 лет назад |
Уязвимостей на страницу