oss-sec mailing list archives

CVE request: various NodeJS module vulnerabilities

From: Paul Wise <pabs3 () bonedaddy net>
Date: Wed, 24 Sep 2014 12:20:32 +0800

Hi all,

This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE.

https://nodesecurity.io/advisories

qs Denial-of-Service Memory Exhaustion
https://nodesecurity.io/advisories/qs_dos_memory_exhaustion

qs Denial-of-Service Extended Event Loop Blocking
https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking

syntax-error potential for script injection
https://nodesecurity.io/advisories/syntax-error-potential-script-injection

send Directory Traversal
https://nodesecurity.io/advisories/send-directory-traversal

Crumb CORS Token Disclosure
https://nodesecurity.io/advisories/crumb_cors_token_disclosure

-- 
bye,
pabs

http://bonedaddy.net/pabs3/

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

CVE request: various NodeJS module vulnerabilities Paul Wise (Sep 23)
- Re: CVE request: various NodeJS module vulnerabilities cve-assign (Sep 29)
- <Possible follow-ups>
- CVE request: various NodeJS module vulnerabilities Paul Wise (Sep 28)