Количество 28
Количество 28
SUSE-SU-2025:0234-1
Security update for nodejs18
SUSE-SU-2025:0233-1
Security update for nodejs18
RLSA-2025:1582
Moderate: nodejs:18 security update
ELSA-2025-1582
ELSA-2025-1582: nodejs:18 security update (MODERATE)
ELSA-2025-1446
ELSA-2025-1446: nodejs:18 security update (MODERATE)
SUSE-SU-2025:0284-1
Security update for nodejs22
SUSE-SU-2025:0237-1
Security update for nodejs20
SUSE-SU-2025:0232-1
Security update for nodejs20
RLSA-2025:1611
Important: nodejs:22 security update
RLSA-2025:1351
Important: nodejs:20 security update
ELSA-2025-1613
ELSA-2025-1613: nodejs:22 security update (IMPORTANT)
ELSA-2025-1611
ELSA-2025-1611: nodejs:22 security update (IMPORTANT)
ELSA-2025-1443
ELSA-2025-1443: nodejs:20 security update (IMPORTANT)
ELSA-2025-1351
ELSA-2025-1351: nodejs:20 security update (IMPORTANT)
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
CVE-2025-22150
Undici Uses Insufficiently Random Values
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to v ...
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2025:0234-1 Security update for nodejs18 | 11 месяцев назад | ||
| SUSE-SU-2025:0233-1 Security update for nodejs18 | 11 месяцев назад | ||
 | RLSA-2025:1582 Moderate: nodejs:18 security update | 10 месяцев назад | ||
| ELSA-2025-1582 ELSA-2025-1582: nodejs:18 security update (MODERATE) | 10 месяцев назад | ||
| ELSA-2025-1446 ELSA-2025-1446: nodejs:18 security update (MODERATE) | 10 месяцев назад | ||
| SUSE-SU-2025:0284-1 Security update for nodejs22 | 11 месяцев назад | ||
| SUSE-SU-2025:0237-1 Security update for nodejs20 | 11 месяцев назад | ||
| SUSE-SU-2025:0232-1 Security update for nodejs20 | 11 месяцев назад | ||
| RLSA-2025:1611 Important: nodejs:22 security update | 10 месяцев назад | ||
| RLSA-2025:1351 Important: nodejs:20 security update | 10 месяцев назад | ||
| ELSA-2025-1613 ELSA-2025-1613: nodejs:22 security update (IMPORTANT) | 10 месяцев назад | ||
| ELSA-2025-1611 ELSA-2025-1611: nodejs:22 security update (IMPORTANT) | 10 месяцев назад | ||
| ELSA-2025-1443 ELSA-2025-1443: nodejs:20 security update (IMPORTANT) | 10 месяцев назад | ||
| ELSA-2025-1351 ELSA-2025-1351: nodejs:20 security update (IMPORTANT) | 10 месяцев назад | ||
 | CVE-2025-22150 Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers. | CVSS3: 6.8 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-22150 Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers. | CVSS3: 6.8 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-22150 Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers. | CVSS3: 6.8 | 0% Низкий | 11 месяцев назад |
 | CVE-2025-22150 Undici Uses Insufficiently Random Values | CVSS3: 6.8 | 0% Низкий | 10 месяцев назад |
| CVE-2025-22150 Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to v ... | CVSS3: 6.8 | 0% Низкий | 11 месяцев назад |
| CVE-2025-23085 A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x. | CVSS3: 5.3 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу