) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): Node.js
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2013-4660 |
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation. Published: June 28, 2013; 10:55:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2012-2330 |
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string. Published: August 13, 2012; 7:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
| CVE-2011-5037 |
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js. Published: December 29, 2011; 8:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |