2 results (0.036 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3196 •

CVSS: 6.8EPSS: 2%CPEs: 58EXPL: 1

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack. Node.js 0.8 anterior a 0.8.28 y 0.10 anterior a 0.10.30 no considera la posibilidad del procesamiento recursivo que provoca la recolección de basura V8 en conjunto con una interrupción V8, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) a través de objetos JSON profundos cuyo análisis sintáctico deje que esta interrupción enmascare un desbordamiento de la pila del programa. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. • http://advisories.mageia.org/MGASA-2014-0516.html http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow http://secunia.com/advisories/61260 http://www-01.ibm.com/support/docview.wss?uid=swg21684769 http://www.mandriva.com/security/advisories?name=MDVSA-2015:142 https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356 https://access.redhat.com/security/cve/CVE-2014-5256 https://bugzilla.redhat.com/show_bug.cgi?id=1125464 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •