Vulnerabilities > Nodejs > Node JS > 14.4.0

DATE CVE VULNERABILITY TITLE RISK
2020-09-18 CVE-2020-8252 Classic Buffer Overflow vulnerability in multiple products
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
local
low complexity
nodejs opensuse fedoraproject CWE-120
7.8
7.8
2020-09-18 CVE-2020-8251 Resource Exhaustion vulnerability in multiple products
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
network
low complexity
nodejs fedoraproject CWE-400
7.5
7.5
2020-09-18 CVE-2020-8201 HTTP Request Smuggling vulnerability in multiple products
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users.
network
high complexity
nodejs opensuse fedoraproject CWE-444
7.4
7.4