Количество 51
Количество 51
CVE-2023-30590
The generateKeys() API function returned from crypto.createDiffieHellm ...
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20
CVE-2023-30589
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly ...
GHSA-v63h-9gvh-2x49
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad.
GHSA-cggh-pq45-6h9x
llhttp vulnerable to HTTP request smuggling
BDU:2023-04930
Уязвимость функции generateKeys() программной платформы Node.js, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2023-04893
Уязвимость программной платформы Node.js, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов"
ROS-20240916-03
Множественные уязвимости nodejs
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| CVE-2023-30590 The generateKeys() API function returned from crypto.createDiffieHellm ... | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
 | CVE-2023-30589 The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20 | CVSS3: 7.5 | 1% Низкий | почти 2 года назад |
 | CVE-2023-30589 The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20 | CVSS3: 7.5 | 1% Низкий | почти 2 года назад |
 | CVE-2023-30589 The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20 | CVSS3: 7.5 | 1% Низкий | почти 2 года назад |
 | CVSS3: 7.5 | 1% Низкий | почти 2 года назад | |
| CVE-2023-30589 The llhttp parser in the http module in Node v20.2.0 does not strictly ... | CVSS3: 7.5 | 1% Низкий | почти 2 года назад |
| GHSA-v63h-9gvh-2x49 The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad. | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
| GHSA-cggh-pq45-6h9x llhttp vulnerable to HTTP request smuggling | CVSS3: 7.5 | 1% Низкий | почти 2 года назад |
 | BDU:2023-04930 Уязвимость функции generateKeys() программной платформы Node.js, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 5.3 | 1% Низкий | почти 2 года назад |
| BDU:2023-04893 Уязвимость программной платформы Node.js, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку "контрабанда HTTP-запросов" | CVSS3: 7.5 | 1% Низкий | почти 2 года назад |
 | ROS-20240916-03 Множественные уязвимости nodejs | CVSS3: 7.5 | 9 месяцев назад |
Уязвимостей на страницу