Vulnerabilities > Nodejs
|2021-01-06||CVE-2020-8287|| Http Request Smuggling vulnerability in multiple products |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
| 6.4 |
|2021-01-06||CVE-2020-8265|| USE After Free vulnerability in multiple products |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation.
| 6.8 |
|2020-12-03||CVE-2018-21270|| Out-Of-Bounds Read vulnerability in Nodejs Node.Js |
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
| 6.4 |
|2020-11-19||CVE-2020-8277|| Resource Exhaustion vulnerability in multiple products |
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses.
| 5.0 |
|2020-09-18||CVE-2020-8252|| Classic Buffer Overflow vulnerability in multiple products |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
| 4.6 |
|2020-09-18||CVE-2020-8251|| Resource Exhaustion vulnerability in Nodejs Node.Js |
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
| 5.0 |
|2020-09-18||CVE-2020-8201|| Http Request Smuggling vulnerability in multiple products |
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users.
| 5.8 |
|2020-07-24||CVE-2020-8174|| Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nodejs Node.Js |
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
| 9.3 |
|2020-06-08||CVE-2020-8172|| Improper Certificate Validation vulnerability in Nodejs Node.Js |
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
| 5.8 |
|2020-02-07||CVE-2019-15606|| Incorrect Authorization vulnerability in Nodejs Node.Js |
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
| 7.5 |