Логотип exploitDog
bind:"CVE-2023-30588" OR bind:"CVE-2023-30589" OR bind:"CVE-2023-30590" OR bind:"CVE-2023-30581"
Консоль
Логотип exploitDog

exploitDog

bind:"CVE-2023-30588" OR bind:"CVE-2023-30589" OR bind:"CVE-2023-30590" OR bind:"CVE-2023-30581"

Количество 51

Количество 51

oracle-oval логотип

ELSA-2023-12933

почти 2 года назад

ELSA-2023-12933: GraalVM Security update (IMPORTANT)

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2023:3408-1

около 2 лет назад

Security update for nodejs14

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2023:3306-1

около 2 лет назад

Security update for nodejs14

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2023:3455-1

около 2 лет назад

Security update for nodejs12

EPSS: Низкий
ubuntu логотип

CVE-2023-30588

почти 2 года назад

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
EPSS: Низкий
redhat логотип

CVE-2023-30588

больше 2 лет назад

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
EPSS: Низкий
nvd логотип

CVE-2023-30588

почти 2 года назад

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
EPSS: Низкий
debian логотип

CVE-2023-30588

почти 2 года назад

When an invalid public key is used to create an x509 certificate using ...

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-g526-x7vj-cfv6

почти 2 года назад

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
EPSS: Низкий
fstec логотип

BDU:2023-04951

больше 2 лет назад

Уязвимость функции crypto.X509Certificate() программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 5.3
EPSS: Низкий
redos логотип

ROS-20240917-04

около 1 года назад

Уязвимость nodejs

CVSS3: 5.3
EPSS: Низкий
ubuntu логотип

CVE-2023-30589

больше 2 лет назад

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2023-30589

больше 2 лет назад

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2023-30589

больше 2 лет назад

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2023-30589

больше 2 лет назад

CVSS3: 7.5
EPSS: Низкий
debian логотип

CVE-2023-30589

больше 2 лет назад

The llhttp parser in the http module in Node v20.2.0 does not strictly ...

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-cggh-pq45-6h9x

больше 2 лет назад

llhttp vulnerable to HTTP request smuggling

CVSS3: 7.5
EPSS: Низкий
fstec логотип

BDU:2023-04893

больше 2 лет назад

Уязвимость программной платформы Node.js, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"

CVSS3: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2023-30581

почти 2 года назад

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2023-30581

больше 2 лет назад

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js

CVSS3: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
oracle-oval логотип
ELSA-2023-12933

ELSA-2023-12933: GraalVM Security update (IMPORTANT)

почти 2 года назад
suse-cvrf логотип
SUSE-SU-2023:3408-1

Security update for nodejs14

около 2 лет назад
suse-cvrf логотип
SUSE-SU-2023:3306-1

Security update for nodejs14

около 2 лет назад
suse-cvrf логотип
SUSE-SU-2023:3455-1

Security update for nodejs12

около 2 лет назад
ubuntu логотип
CVE-2023-30588

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
0%
Низкий
почти 2 года назад
redhat логотип
CVE-2023-30588

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
0%
Низкий
больше 2 лет назад
nvd логотип
CVE-2023-30588

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
0%
Низкий
почти 2 года назад
debian логотип
CVE-2023-30588

When an invalid public key is used to create an x509 certificate using ...

CVSS3: 5.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-g526-x7vj-cfv6

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CVSS3: 5.3
0%
Низкий
почти 2 года назад
fstec логотип
BDU:2023-04951

Уязвимость функции crypto.X509Certificate() программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 5.3
0%
Низкий
больше 2 лет назад
redos логотип
ROS-20240917-04

Уязвимость nodejs

CVSS3: 5.3
0%
Низкий
около 1 года назад
ubuntu логотип
CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

CVSS3: 7.5
2%
Низкий
больше 2 лет назад
redhat логотип
CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

CVSS3: 7.5
2%
Низкий
больше 2 лет назад
nvd логотип
CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

CVSS3: 7.5
2%
Низкий
больше 2 лет назад
msrc логотип
CVSS3: 7.5
2%
Низкий
больше 2 лет назад
debian логотип
CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly ...

CVSS3: 7.5
2%
Низкий
больше 2 лет назад
github логотип
GHSA-cggh-pq45-6h9x

llhttp vulnerable to HTTP request smuggling

CVSS3: 7.5
2%
Низкий
больше 2 лет назад
fstec логотип
BDU:2023-04893

Уязвимость программной платформы Node.js, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"

CVSS3: 7.5
2%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2023-30581

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js

CVSS3: 7.5
0%
Низкий
почти 2 года назад
redhat логотип
CVE-2023-30581

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js

CVSS3: 7.5
0%
Низкий
больше 2 лет назад

Уязвимостей на страницу