CVE-2024-22017
- EPSS 0.52%
- Published 19.03.2024 05:15:10
- Last modified 21.11.2024 08:55:24
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vuln...
CVE-2024-21896
- EPSS 0.61%
- Published 20.02.2024 02:15:50
- Last modified 02.04.2025 20:09:59
The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.r...
- EPSS 1.26%
- Published 05.09.2014 17:55:07
- Last modified 12.04.2025 10:46:40
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory cor...
- EPSS 68.25%
- Published 21.10.2013 17:55:03
- Last modified 11.04.2025 00:51:21
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
CVE-2012-2330
- EPSS 0.62%
- Published 13.08.2012 23:55:01
- Last modified 11.04.2025 00:51:21
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP...