Max CVSS 7.5 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-8201 5.8
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
24-05-2022 - 17:24 18-09-2020 - 21:15
CVE-2020-8252 4.6
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
24-05-2022 - 17:16 18-09-2020 - 21:15
CVE-2020-15095 1.9
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and
11-01-2021 - 11:15 07-07-2020 - 19:15
CVE-2020-8252 7.5
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
30-09-2020 - 20:15 18-09-2020 - 21:15
CVE-2020-8201 6.4
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
29-09-2020 - 18:28 18-09-2020 - 21:15
Back to Top Mark selected
Back to Top