Vulnerabilities > Nodejs > Node JS > 10.12.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-24 | CVE-2021-44531 | Improper Certificate Validation vulnerability in multiple products Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. | 7.4 |
2022-02-24 | CVE-2021-44532 | Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. | 5.3 |
2022-02-24 | CVE-2021-44533 | Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. | 5.3 |
2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | 7.4 |
2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. | 7.5 |
2021-03-03 | CVE-2021-22883 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. | 7.5 |
2021-01-06 | CVE-2020-8287 | HTTP Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.5 |
2021-01-06 | CVE-2020-8265 | Use After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. | 8.1 |
2020-09-18 | CVE-2020-8252 | Classic Buffer Overflow vulnerability in multiple products The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | 7.8 |
2020-07-24 | CVE-2020-8174 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | 8.1 |