Max CVSS 7.5 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-15605 7.5
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
07-03-2024 - 21:24 07-02-2020 - 15:15
CVE-2019-15606 7.5
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
07-03-2024 - 21:24 07-02-2020 - 15:15
CVE-2019-15604 5.0
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
07-03-2024 - 21:24 07-02-2020 - 15:15
CVE-2019-16775 4.0
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the
24-01-2023 - 16:10 13-12-2019 - 01:15
CVE-2019-16777 5.5
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and cre
02-08-2022 - 20:45 13-12-2019 - 01:15
CVE-2019-16776 5.5
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field wou
02-08-2022 - 20:45 13-12-2019 - 01:15
Back to Top Mark selected
Back to Top