The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Node.js Modules ~ not comprehensive

computer vulnerability alert 24776

Node.js ecstatic: denial of service via Null Bytes

Synthesis of the vulnerability

An attacker can generate a fatal error via Null Bytes of Node.js ecstatic, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/12/2017.
Identifiers: VIGILANCE-VUL-24776.

Description of the vulnerability

An attacker can generate a fatal error via Null Bytes of Node.js ecstatic, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-1001002 CVE-2017-1001003

Node.js mathjs: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Node.js mathjs, in order to run code.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/12/2017.
Identifiers: CVE-2017-1001002, CVE-2017-1001003, ESA-2017-24, VIGILANCE-VUL-24674.

Description of the vulnerability

An attacker can use a vulnerability of Node.js mathjs, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-18214

Node.js moment: denial of service via Regular Expression

Synthesis of the vulnerability

An attacker can generate a fatal error via Regular Expression of Node.js moment, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive, Nessus.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/11/2017.
Identifiers: CERTFR-2019-AVI-132, CVE-2017-18214, TNS-2019-02, VIGILANCE-VUL-24557.

Description of the vulnerability

An attacker can generate a fatal error via Regular Expression of Node.js moment, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-1000188 CVE-2017-1000189 CVE-2017-1000228

Node.js ejs: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Node.js ejs.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/11/2017.
Identifiers: CVE-2017-1000188, CVE-2017-1000189, CVE-2017-1000228, VIGILANCE-VUL-24487.

Description of the vulnerability

An attacker can use several vulnerabilities of Node.js ejs.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 24403

Node.js ws: denial of service via Sec-WebSocket-Extensions

Synthesis of the vulnerability

An attacker can generate a fatal error via Sec-WebSocket-Extensions of Node.js ws, in order to trigger a denial of service.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 09/11/2017.
Identifiers: VIGILANCE-VUL-24403.

Description of the vulnerability

An attacker can generate a fatal error via Sec-WebSocket-Extensions of Node.js ws, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 24239

Node.js nodeload-nmickuli: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js nodeload-nmickuli, in order to read a file outside the service root path.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/10/2017.
Identifiers: VIGILANCE-VUL-24239.

Description of the vulnerability

An attacker can traverse directories of Node.js nodeload-nmickuli, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 24238

Node.js wenluhong1: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js wenluhong1, in order to read a file outside the service root path.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/10/2017.
Identifiers: VIGILANCE-VUL-24238.

Description of the vulnerability

An attacker can traverse directories of Node.js wenluhong1, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 24237

Node.js city-weather-abe: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js city-weather-abe, in order to read a file outside the service root path.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/10/2017.
Identifiers: VIGILANCE-VUL-24237.

Description of the vulnerability

An attacker can traverse directories of Node.js city-weather-abe, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 24187

Node.js static-eval: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Node.js static-eval, in order to run code.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 19/10/2017.
Identifiers: VIGILANCE-VUL-24187.

Description of the vulnerability

An attacker can use a vulnerability of Node.js static-eval, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 24149

Node.js aegir: information disclosure via Github Token

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Github Token of Node.js aegir, in order to obtain sensitive information.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 16/10/2017.
Identifiers: VIGILANCE-VUL-24149.

Description of the vulnerability

An attacker can bypass access restrictions to data via Github Token of Node.js aegir, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Node.js Modules ~ not comprehensive: