Количество 11
Количество 11
GHSA-7mcp-gwc2-4c6m
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ...
BDU:2020-05657
Уязвимость программной платформы Node.js, связанная с ошибкой обработки имен HTTP - заголовка, позволяющая нарушителю получить доступ к защищаемой информации или повысить свои привилегии
openSUSE-SU-2020:1616-1
Security update for nodejs12
SUSE-SU-2020:2813-1
Security update for nodejs12
SUSE-SU-2020:2812-1
Security update for nodejs12
RLSA-2020:4272
Moderate: nodejs:12 security and bug fix update
ELSA-2020-4272
ELSA-2020-4272: nodejs:12 security and bug fix update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-7mcp-gwc2-4c6m Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | больше 3 лет назад |
 | CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | около 5 лет назад |
 | CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | около 5 лет назад |
 | CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | CVSS3: 7.4 | 1% Низкий | около 5 лет назад |
| CVE-2020-8201 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ... | CVSS3: 7.4 | 1% Низкий | около 5 лет назад |
 | BDU:2020-05657 Уязвимость программной платформы Node.js, связанная с ошибкой обработки имен HTTP - заголовка, позволяющая нарушителю получить доступ к защищаемой информации или повысить свои привилегии | CVSS3: 7.4 | 1% Низкий | около 5 лет назад |
 | openSUSE-SU-2020:1616-1 Security update for nodejs12 | около 5 лет назад | ||
| SUSE-SU-2020:2813-1 Security update for nodejs12 | около 5 лет назад | ||
| SUSE-SU-2020:2812-1 Security update for nodejs12 | около 5 лет назад | ||
 | RLSA-2020:4272 Moderate: nodejs:12 security and bug fix update | около 5 лет назад | ||
| ELSA-2020-4272 ELSA-2020-4272: nodejs:12 security and bug fix update (MODERATE) | около 5 лет назад |
Уязвимостей на страницу