Vulnerabilities > Nodejs > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-04 | CVE-2024-30260 | Incorrect Authorization vulnerability in multiple products Undici is an HTTP/1.1 client, written from scratch for Node.js. | 4.3 |
2024-02-16 | CVE-2024-24750 | Memory Leak vulnerability in Nodejs Undici Undici is an HTTP/1.1 client, written from scratch for Node.js. | 6.5 |
2024-02-16 | CVE-2024-24758 | Unspecified vulnerability in Nodejs Undici Undici is an HTTP/1.1 client, written from scratch for Node.js. | 4.5 |
2023-11-28 | CVE-2023-30588 | Unspecified vulnerability in Nodejs Node.Js When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. | 5.3 |
2023-09-12 | CVE-2023-32005 | Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. | 5.3 |
2023-08-15 | CVE-2023-32003 | Path Traversal vulnerability in multiple products `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. | 5.3 |
2023-02-23 | CVE-2023-23920 | Untrusted Search Path vulnerability in multiple products An untrusted search path vulnerability exists in Node.js. | 4.2 |
2023-02-16 | CVE-2023-23936 | Injection vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 5.4 |
2022-12-05 | CVE-2022-35256 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. | 6.5 |
2022-08-15 | CVE-2022-35948 | Unspecified vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. | 5.3 |