| Max CVSS | 9.3 | Min CVSS | 4.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-8252 | 4.6 |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
|
24-05-2022 - 17:16 | 18-09-2020 - 21:15 | |
| CVE-2020-8174 | 9.3 |
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
|
12-05-2022 - 15:01 | 24-07-2020 - 22:15 | |
| CVE-2020-8277 | 5.0 |
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number
|
10-05-2022 - 15:25 | 19-11-2020 - 01:15 | |
| CVE-2020-8252 | 7.5 |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
|
30-09-2020 - 20:15 | 18-09-2020 - 21:15 |