The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Node Modules ~ not comprehensive

vulnerability announce 29662

Node.js apostrophe: open redirect

Synthesis of the vulnerability

An attacker can deceive the user of Node.js apostrophe, in order to redirect him to a malicious site.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 01/07/2019.
Identifiers: NPM-1029, VIGILANCE-VUL-29662.

Description of the vulnerability

The apostrophe module can be installed on Node.js.

However, the web service redirects the victim, without warning, to an external site indicated by the attacker.

An attacker can therefore deceive the user of Node.js apostrophe, in order to redirect him to a malicious site.

computer vulnerability 29315

Node.js fstream: privilege escalation via File Overwrite

Synthesis of the vulnerability

An attacker can bypass restrictions via File Overwrite of Node.js fstream, in order to escalate his privileges.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 15/05/2019.
Identifiers: NPM-886, VIGILANCE-VUL-29315.

Description of the vulnerability

An attacker can bypass restrictions via File Overwrite of Node.js fstream, in order to escalate his privileges.

vulnerability bulletin 29313

Node.js web3: privilege escalation via Insecure Credential Storage

Synthesis of the vulnerability

An attacker can bypass restrictions via Insecure Credential Storage of Node.js web3, in order to escalate his privileges.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: document.
Creation date: 15/05/2019.
Identifiers: NPM-877, VIGILANCE-VUL-29313.

Description of the vulnerability

An attacker can bypass restrictions via Insecure Credential Storage of Node.js web3, in order to escalate his privileges.

computer vulnerability note 29309

Node.js modules: Discord account spoofing via malicious packages

Synthesis of the vulnerability

An attacker spread malware hidden in some Node.js modules, in order to steal Discord access tokens.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user shell.
Creation date: 15/05/2019.
Identifiers: NPM-872, NPM-873, NPM-874, VIGILANCE-VUL-29309.

Description of the vulnerability

An attacker spread malware hidden in some Node.js modules, in order to steal Discord access tokens.

computer vulnerability bulletin 29308

Node.js bootbox: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js bootbox, in order to run JavaScript code in the context of the web site.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 15/05/2019.
Identifiers: NPM-882, VIGILANCE-VUL-29308.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js bootbox, in order to run JavaScript code in the context of the web site.

vulnerability 29230

Node.js preact: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js preact, in order to run JavaScript code in the context of the web site.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 06/05/2019.
Identifiers: NPM-835, VIGILANCE-VUL-29230.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js preact, in order to run JavaScript code in the context of the web site.

computer vulnerability note 29229

Node.js graphql-code-generator: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js graphql-code-generator, in order to read or write data in the session.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 06/05/2019.
Identifiers: NPM-834, VIGILANCE-VUL-29229.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js graphql-code-generator, in order to read or write data in the session.

computer vulnerability bulletin CVE-2016-10531

Node.js marked: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js marked, in order to run JavaScript code in the context of the web site.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2016-10531, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29158.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Node.js marked, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-3721

Node.js lodash: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Node.js lodash, in order to escalate his privileges.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2018-3721, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29157.

Description of the vulnerability

An attacker can bypass restrictions of Node.js lodash, in order to escalate his privileges.

vulnerability note 29134

Node.js jwt-simple: bypass of cryptographic signature check

Synthesis of the vulnerability

An attacker can take advantage of a wrong choice of default algorithm in Node.js jwt-simple, in order to change data that should be signed.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 25/04/2019.
Identifiers: NPM-831, VIGILANCE-VUL-29134.

Description of the vulnerability

An attacker can take advantage of a wrong choice of default algorithm in Node.js jwt-simple, in order to change data that should be signed.