Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 29 Sep 2014 09:09:11 +0800
From: Paul Wise <pabs3@...edaddy.net>
To: oss-security@...ts.openwall.com, contact@...tsecurity.io
Subject: CVE request: various NodeJS module vulnerabilities

Hi all,

This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE.

https://nodesecurity.io/advisories

Arbitrary JavaScript Execution in Bassmaster
https://nodesecurity.io/advisories/bassmaster_js_injection

qs Denial-of-Service Memory Exhaustion
https://nodesecurity.io/advisories/qs_dos_memory_exhaustion

qs Denial-of-Service Extended Event Loop Blocking
https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking

syntax-error potential for script injection
https://nodesecurity.io/advisories/syntax-error-potential-script-injection

send Directory Traversal
https://nodesecurity.io/advisories/send-directory-traversal

Crumb CORS Token Disclosure
https://nodesecurity.io/advisories/crumb_cors_token_disclosure


-- 
bye,
pabs

http://bonedaddy.net/pabs3/

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ