nodejs - CVE CyberSecurity Database News

Oct 12, 2023 nodejs undici

CVE-2023-45143 - Undici HTTP/1.1 Client Cookie Header Leakage Vulnerability

Undici is a popular HTTP/1.1 client used by many web developers in their Node.js applications. It is valued for its fast and

Feb 23, 2023 Exploit nodejs Node.js

CVE-2023-23918: Node.js Privilege Escalation Vulnerability via process.mainModule.require()

A recent vulnerability, CVE-2023-23918, was discovered affecting Node.js versions prior to 19.6.1, 18.14.1, 16.19.1, and 14.21.3.

Feb 23, 2023 Exploit nodejs Node.js

CVE-2023-23919: Node.js OpenSSL Error Stack Not Cleared, Leading To False Positive Errors and Potential Denial Of Service

A newly discovered cryptographic vulnerability, identified as CVE-2023-23919, affects certain Node.js versions. Specifically, this vulnerability impacts Node.js versions <19.2., <18.

CVE-2023-23936 - CRLF Injection Vulnerability in Undici HTTP/1.1 Client for Node.js

Feb 16, 2023 XSS nodejs undici

CVE-2023-23936 - CRLF Injection Vulnerability in Undici HTTP/1.1 Client for Node.js

A critical vulnerability (CVE-2023-23936) has been discovered in Undici, a fast and efficient HTTP/1.1 client for Node.js, specifically concerning CRLF (Carriage Return

Feb 16, 2023 Exploit nodejs undici

CVE-2023-24807: Mitigating Regular Expression Denial of Service (ReDoS) in Undici HTTP Client for Node.js

Undici is a high-performance HTTP/1.1 client for Node.js, widely used in applications requiring reliable network communication. A recent vulnerability, identified as CVE-2023-24807,