| Max CVSS | 6.8 | Min CVSS | 6.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-8287 | 6.4 |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This c
|
03-02-2023 - 19:12 | 06-01-2021 - 21:15 | |
| CVE-2019-9516 | 6.8 |
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h
|
05-08-2022 - 14:52 | 13-08-2019 - 21:15 | |
| CVE-2020-8265 | 6.8 |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap
|
06-04-2022 - 16:26 | 06-01-2021 - 21:15 |