The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Node Modules ~ not comprehensive

vulnerability bulletin 29133

Node.js redbird: use of an obsolete version of TLS

Synthesis of the vulnerability

An attacker can use known attacks against TLS 1.0 on a Node.js server using redbird, in order to obtain sensitive information.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 25/04/2019.
Identifiers: NPM-828, VIGILANCE-VUL-29133.


vulnerability 29110

Node.js sequelize-cli: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Node.js sequelize-cli, in order to obtain sensitive information.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 23/04/2019.
Identifiers: NPM-825, VIGILANCE-VUL-29110.


computer vulnerability note 29099

Node.js express-brute: denial of service

Synthesis of the vulnerability

An attacker can bypass the request quota managed by Node.js express-brute, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 19/04/2019.
Identifiers: NPM-823, VIGILANCE-VUL-29099.


vulnerability note 28824

Node.js js-yaml: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error of Node.js js-yaml, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 22/03/2019.
Identifiers: NPM-788, VIGILANCE-VUL-28824.


vulnerability note 28724

Node.js safer-eval: code execution via Sandbox Breakout

Synthesis of the vulnerability

An attacker can use a vulnerability via Sandbox Breakout of Node.js safer-eval, in order to run code.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/03/2019.
Identifiers: NPM-787, VIGILANCE-VUL-28724.


vulnerability note 28534

Node.js braces: denial of service via Regular Expression

Synthesis of the vulnerability

An attacker can trigger a fatal error via Regular Expression of Node.js braces, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/02/2019.
Identifiers: NPM-786, VIGILANCE-VUL-28534.


vulnerability bulletin 28533

Node.js clean-css: denial of service via Regular Expression

Synthesis of the vulnerability

An attacker can trigger a fatal error via Regular Expression of Node.js clean-css, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/02/2019.
Identifiers: NPM-785, VIGILANCE-VUL-28533.


computer vulnerability announce 28517

Node.js url-relative: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error of Node.js url-relative, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/02/2019.
Identifiers: NPM-783, VIGILANCE-VUL-28517.


computer vulnerability alert 28516

Node.js lodash: privilege escalation via Prototype Pollution

Synthesis of the vulnerability

An attacker can bypass restrictions via Prototype Pollution of Node.js lodash, in order to escalate their privileges.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 14/02/2019.
Identifiers: NPM-782, VIGILANCE-VUL-28516.


vulnerability bulletin 28463

Node.js Modules: four vulnerabilities via Prototype Pollution

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Prototype Pollution of Node.js Modules.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 07/02/2019.
Identifiers: NPM-778, NPM-779, NPM-780, NPM-781, VIGILANCE-VUL-28463.
