The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Node Modules ~ not comprehensive

cybersecurity note 30375

Node.js csv-parse: denial of service via Regular Expression

Synthesis of the vulnerability

An attacker can trigger a fatal error via Regular Expression of Node.js csv-parse, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 20/09/2019.
Identifiers: NPM-1171, VIGILANCE-VUL-30375.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via Regular Expression of Node.js csv-parse, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 30354

Node.js subtext: denial of service via maxBytes

Synthesis of the vulnerability

An attacker can trigger a fatal error via maxBytes of Node.js subtext, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 17/09/2019.
Identifiers: NPM-1168, VIGILANCE-VUL-30354.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via maxBytes of Node.js subtext, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 30353

Node.js commercial/subtext: denial of service via maxBytes

Synthesis of the vulnerability

An attacker can trigger a fatal error via maxBytes of Node.js commercial/subtext, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 17/09/2019.
Identifiers: NPM-1166, VIGILANCE-VUL-30353.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via maxBytes of Node.js commercial/subtext, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness note 30352

Node.js hapi/subtext: denial of service via maxBytes

Synthesis of the vulnerability

An attacker can trigger a fatal error via maxBytes of Node.js hapi/subtext, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 17/09/2019.
Identifiers: NPM-1165, VIGILANCE-VUL-30352.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via maxBytes of Node.js hapi/subtext, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2019-5485

Node.js gitlabhook: shell command injection

Synthesis of the vulnerability

An attacker can use a vulnerability of Node.js gitlabhook, in order to run code.
Severity: 2/4.
Creation date: 16/09/2019.
Identifiers: CVE-2019-5485, VIGILANCE-VUL-30337.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability of Node.js gitlabhook, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat note 30212

Node.js larvitbase-api: code execution via Require

Synthesis of the vulnerability

An attacker can use a vulnerability via Require of Node.js larvitbase-api, in order to run code.
Severity: 2/4.
Creation date: 30/08/2019.
Identifiers: NPM-1120, VIGILANCE-VUL-30212.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Require of Node.js larvitbase-api, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness 30201

Node.js graphql-shield: privilege escalation via no_cache

Synthesis of the vulnerability

An attacker can bypass restrictions via no_cache of Node.js graphql-shield, in order to escalate his privileges.
Severity: 2/4.
Creation date: 29/08/2019.
Identifiers: NPM-1121, VIGILANCE-VUL-30201.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via no_cache of Node.js graphql-shield, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

weakness announce 30140

Node.js eslint-utils: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Node.js eslint-utils, in order to run code.
Severity: 2/4.
Creation date: 23/08/2019.
Identifiers: NPM-1118, VIGILANCE-VUL-30140.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability of Node.js eslint-utils, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness note 30088

Node.js risingstack/protect: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js risingstack/protect, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 19/08/2019.
Identifiers: NPM-1116, VIGILANCE-VUL-30088.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js risingstack/protect, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

threat 29952

Node.js grpc-ts-health-check: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error of Node.js grpc-ts-health-check, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 06/08/2019.
Identifiers: NPM-1097, VIGILANCE-VUL-29952.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error of Node.js grpc-ts-health-check, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Node Modules ~ not comprehensive: