Node.js FoundationPatching for Windows Mac Linux
CVE Vulnerabilities for Node.js LTS
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2014‑5256 | 2014‑09‑05 17:55:07 | MEDIUM (5) | Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack. | 0 | 0 | NETWORK |
| CVE‑2013‑4450 | 2013‑10‑21 17:55:04 | MEDIUM (5) | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. | 0 | 0 | NETWORK |
| CVE‑2012‑2330 | 2012‑08‑13 23:55:01 | MEDIUM (6) | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string. | 0 | 0 | NETWORK |
What applications does Lavawall® monitor?
Lavawall monitors patches for over 7,500 applications. This is a summary of the most popular applications.Click here for the full list.
Click the applications below for the current version and known vulnerabilities.
Logos are property of their respective trademark holders and are not affiliated with ThreeShield or Lavawall. We have not audited the security of most of the listed tools.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.