[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 29 Sep 2014 09:09:11 +0800
From: Paul Wise <pabs3@...edaddy.net>
To: oss-security@...ts.openwall.com, contact@...tsecurity.io
Subject: CVE request: various NodeJS module vulnerabilities
Hi all,
This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE.
https://nodesecurity.io/advisories
Arbitrary JavaScript Execution in Bassmaster
https://nodesecurity.io/advisories/bassmaster_js_injection
qs Denial-of-Service Memory Exhaustion
https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
qs Denial-of-Service Extended Event Loop Blocking
https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking
syntax-error potential for script injection
https://nodesecurity.io/advisories/syntax-error-potential-script-injection
send Directory Traversal
https://nodesecurity.io/advisories/send-directory-traversal
Crumb CORS Token Disclosure
https://nodesecurity.io/advisories/crumb_cors_token_disclosure
--
bye,
pabs
http://bonedaddy.net/pabs3/
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
