Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nodejs Subscribe
Filtered by product Nodejs
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2330 1 Nodejs 1 Nodejs 2023-02-12 6.4 MEDIUM N/A
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
CVE-2013-4450 1 Nodejs 1 Nodejs 2018-08-13 5.0 MEDIUM N/A
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
CVE-2014-5256 1 Nodejs 1 Nodejs 2015-05-11 5.0 MEDIUM N/A
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.