Node.js - HackerOne Reports
Total Reports: 113
Critical: 8
High: 37
Medium: 44
Low: 15
Bypass incomplete fix of CVE-2024-27980
Reported by: tianst
Disclosed:
Severity: High
Weakness: Command Injection - Generic
Improper handling of wildcards in --allow-fs-read and --allow-fs-write
Reported by: tniessen
Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Remotely trigger an assertion on a TLS server with a malformed certificate string
Reported by: rogierschouten
Disclosed:
Severity: Critical
Weakness: Improper Certificate Validation
OOB read in libuv
Reported by: ericsesterhenn
Disclosed:
Severity: Medium
Weakness: Buffer Over-read
Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)
Reported by: hkario
Disclosed:
Severity: Medium
Weakness: Use of a Broken or Risky Cryptographic Algorithm
DNS rebinding in --inspect (again) via invalid IP addresses
Reported by: haxatron1
Disclosed:
Severity: High
Weakness: OS Command Injection
Policy-restricted modules can escalate to higher privileges by impersonating other modules in a policy list using module.constructor.createRequire()
Reported by: haxatron1
Disclosed:
Severity: Medium
Weakness: Privilege Escalation
loader.js is not secure
Reported by: cdpython
Disclosed:
Weakness: Code Injection
DNS rebinding in --inspect (insufficient fix of CVE-2018-7160)
Reported by: v6ak
Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Bounty: $500.00
CVEs: CVE-2018-7160
"Assertion failed" in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash
Reported by: bart
Disclosed:
Severity: High
Weakness: Uncontrolled Resource Consumption
Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
Reported by: mhdawson
Disclosed:
Severity: Medium
Weakness: Cryptographic Issues - Generic
DNS rebinding in --inspect via invalid octal IP address
Reported by: haxatron1
Disclosed:
Severity: Medium
Weakness: OS Command Injection
node.js process aborts when processing x509 certs with invalid public key information
Reported by: m_r_beauchamp
Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption