Max CVSS | 7.5 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-8116 | 7.5 |
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
|
05-08-2022 - 19:32 | 04-02-2020 - 20:15 | |
CVE-2020-15095 | 1.9 |
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and
|
02-08-2022 - 20:44 | 07-07-2020 - 19:15 | |
CVE-2020-8201 | 5.8 |
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
|
24-05-2022 - 17:24 | 18-09-2020 - 21:15 | |
CVE-2020-8252 | 4.6 |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
|
24-05-2022 - 17:16 | 18-09-2020 - 21:15 | |
CVE-2020-8252 | 7.5 |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
|
30-09-2020 - 20:15 | 18-09-2020 - 21:15 | |
CVE-2020-8201 | 6.4 |
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
|
29-09-2020 - 18:28 | 18-09-2020 - 21:15 |