This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Nodejs First view 2013-10-21
Product Nodejs Last view 2014-09-05
Version 0.8.12 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:nodejs:nodejs

Activity : Overall

Related : CVE

  Date Alert Description
5 2014-09-05 CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
5 2013-10-21 CVE-2013-4450

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

id Description
2015-03-30 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2015-142.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-965.nasl - Type: ACT_GATHER_INFO
2013-11-11 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2013-19512.nasl - Type: ACT_GATHER_INFO
2013-10-29 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2013-19491.nasl - Type: ACT_GATHER_INFO
2013-10-29 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2013-19497.nasl - Type: ACT_GATHER_INFO