CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40340
https://notcve.org/view.php?id=CVE-2023-40340
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3196 •
CVSS: 6.8EPSS: 2%CPEs: 58EXPL: 1CVE-2014-5256 – V8: Memory Corruption and Stack Overflow
https://notcve.org/view.php?id=CVE-2014-5256
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack. Node.js 0.8 anterior a 0.8.28 y 0.10 anterior a 0.10.30 no considera la posibilidad del procesamiento recursivo que provoca la recolección de basura V8 en conjunto con una interrupción V8, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) a través de objetos JSON profundos cuyo análisis sintáctico deje que esta interrupción enmascare un desbordamiento de la pila del programa. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. • http://advisories.mageia.org/MGASA-2014-0516.html http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow http://secunia.com/advisories/61260 http://www-01.ibm.com/support/docview.wss?uid=swg21684769 http://www.mandriva.com/security/advisories?name=MDVSA-2015:142 https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356 https://access.redhat.com/security/cve/CVE-2014-5256 https://bugzilla.redhat.com/show_bug.cgi?id=1125464 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.0EPSS: 11%CPEs: 47EXPL: 1CVE-2013-4450 – NodeJS: HTTP Pipelining DoS
https://notcve.org/view.php?id=CVE-2013-4450
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. El servidor HTTP en Node.js 0.10.x anterior a la versión 0.10.21 y 0.8.x anterior a 0.8.26 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) mediante el envío de un número largo de solicitudes canalizadas sin leer la respuesta. • http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html http://rhn.redhat.com/errata/RHSA-2013-1842.html http://www.openwall.com/lists/oss-security/2013/10/20/1 http://www.securityfocus.com/bid/63229 https://github.com/joyent/node/issues/6214 https://github.com/rapid7/metasploit-framework/pull/2548 https://groups.google.com/forum/# • CWE-20: Improper Input Validation •