Multiple vulnerabilities in Node.js

Описание

Multiple serious vulnerabilities have been found in Node.js. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

1. An unspecified vulnerability in the HTTP parser can be exploited remotely via Content-Length parameter to perform unspecified attacks;
2. A regular expression vulnerability in the ‘path’ module can be exploited remotely via specially crafted string to cause denial of service;
3. A DNS rebinding vulnerability in Node.js Inspector can be exploited remotely co execute arbitrary code.

---

Technical details

Vulnerability (2) affects only Node.js 4.x

Vulnerability (3) affects only Node.js 6.x

Первичный источник обнаружения

• March 2018 Security Releases
  

Связанные продукты

• Node.js

Список CVE

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com