Vulnerabilities > Nodejs

DATE CVE VULNERABILITY TITLE RISK
2021-10-07 CVE-2021-22930 Use After Free vulnerability in Nodejs Node.Js
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use-after-free attack in which an attacker might be able to exploit the memory corruption to change process behavior.
network
low complexity
nodejs CWE-416
7.5
2021-08-16 CVE-2021-22931 Improper Input Validation vulnerability in Nodejs Node.Js
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js dns library, which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
network
low complexity
nodejs CWE-20
7.5
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in Nodejs Node.Js
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs CWE-295
5.0
2021-08-16 CVE-2021-22940 Use After Free vulnerability in Nodejs Node.Js
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use-after-free attack in which an attacker might be able to exploit the memory corruption to change process behavior.
network
low complexity
nodejs CWE-416
5.0
2021-07-12 CVE-2021-22918 Out-of-bounds Read vulnerability in Nodejs Node.Js
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII.
network
low complexity
nodejs CWE-125
5.0
2021-07-12 CVE-2021-22921 Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.
local
nodejs CWE-732
4.4
2021-03-03 CVE-2021-22884
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle
5.1
2021-03-03 CVE-2021-22883 Resource Exhaustion vulnerability in multiple products
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established.
network
low complexity
nodejs fedoraproject netapp oracle CWE-400
7.8
2021-01-06 CVE-2020-8287 HTTP Request Smuggling vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
network
low complexity
nodejs debian fedoraproject oracle CWE-444
6.4
2021-01-06 CVE-2020-8265 Use After Free vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 are vulnerable to a use-after-free bug in the TLS implementation.
6.8