Date: Wed, 24 Sep 2014 12:20:32 +0800 From: Paul Wise <pabs3@...edaddy.net> To: oss-security@...ts.openwall.com, contact@...tsecurity.io Subject: CVE request: various NodeJS module vulnerabilities Hi all, This is a request for CVEs for the following vulnerabilities discovered by the Node Security Project. I left out their advisories where I could find an assigned CVE. https://nodesecurity.io/advisories qs Denial-of-Service Memory Exhaustion https://nodesecurity.io/advisories/qs_dos_memory_exhaustion qs Denial-of-Service Extended Event Loop Blocking https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking syntax-error potential for script injection https://nodesecurity.io/advisories/syntax-error-potential-script-injection send Directory Traversal https://nodesecurity.io/advisories/send-directory-traversal Crumb CORS Token Disclosure https://nodesecurity.io/advisories/crumb_cors_token_disclosure -- bye, pabs http://bonedaddy.net/pabs3/ [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ