Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:nodejs:node.js:0.0.4:*:*:*:*:*:*:*
There are 22 matching records.
Displaying matches 21 through 22.
Vuln ID Summary CVSS Severity
CVE-2015-5380

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.

Published: July 09, 2015; 6:59:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

Published: October 18, 2014; 9:55:21 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM