Node.js Exposure

Programming languages
Exposure score: 96
Sites using it: 532,066
Under exploitation: 0
Critical: 4

CVEs

127 results
CVE-2024-36138 (HIGH, EPSS 1.1%): Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child
CVE-2026-21637 (MEDIUM, EPSS 1.1%): A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallba
CVE-2023-30581 (HIGH, EPSS 1.1%): The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.jso
CVE-2023-32003 (MEDIUM, EPSS 1.0%): `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from
CVE-2025-55131 (HIGH, EPSS 1.0%): A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module wit
CVE-2024-21890 (MEDIUM, EPSS 0.9%): The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path.
CVE-2023-39333 (MEDIUM, EPSS 0.9%): Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data
CVE-2025-59465 (HIGH, EPSS 0.9%): A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` er
CVE-2023-30769 (CRITICAL, EPSS 0.9%): Rab13s Exploit
CVE-2024-22017 (HIGH, EPSS 0.9%): setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform
CVE-2025-27209 (HIGH, EPSS 0.8%): The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the Has
CVE-2025-23166 (HIGH, EPSS 0.8%): The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background t
CVE-2023-30587 (HIGH, EPSS 0.7%): A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspect
CVE-2023-30583 (HIGH, EPSS 0.7%): fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in
CVE-2020-8252 (EPSS 0.7%): The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which
CVE-2026-21636 (MEDIUM, EPSS 0.7%): A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when `--permission` is enabl
CVE-2025-59466 (MEDIUM, EPSS 0.6%): We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.crea
CVE-2021-40831 (MEDIUM, EPSS 0.6%): Missing SNI validation and inconsistent CA override function behavior within AWS IoT Device SDKs on Apple devices
CVE-2023-30582 (MEDIUM, EPSS 0.6%): A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read fla
CVE-2024-21892 (HIGH, EPSS 0.6%): On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with
