Node.js Exposure

Programming languages
Exposure score: 96
Sites using it: 532,066
Under exploitation: 0
Critical: 4

CVEs

127 results

CVE-2026-21710 (HIGH, EPSS 13.1%)
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the ap…

CVE-2021-44532 (EPSS 10.4%)
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to c…

CVE-2018-12121 (EPSS 10.2%)
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination…

CVE-2018-7160 (EPSS 9.9%)
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. A…

CVE-2025-27210 (HIGH, EPSS 9.8%)
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. …

CVE-2021-44533 (EPSS 9.4%)
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could cra…

CVE-2020-8265 (EPSS 9.0%)
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to …

CVE-2020-8251 (EPSS 8.8%)
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unabl…

CVE-2021-44531 (EPSS 8.4%)
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in b…

CVE-2018-12115 (EPSS 8.0%)
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`,…

CVE-2018-7161 (EPSS 7.9%)
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causi…

CVE-2021-22921 (EPSS 7.4%)
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platform…

CVE-2018-7167 (EPSS 7.2%)
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to addre…

CVE-2018-7162 (EPSS 7.0%)
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a n…

CVE-2024-3566 (CRITICAL, EPSS 6.9%)
Command injection vulnerability in programming languages on Microsoft Windows operating system.

CVE-2018-7164 (EPSS 6.4%)
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed…

CVE-2022-32212 (EPSS 5.6%)
An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that …

CVE-2020-8201 (EPSS 5.1%)
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payl…

CVE-2019-5739 (EPSS 5.1%)
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduc…

CVE-2018-12116 (EPSS 4.6%)
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provid…
