Nodejs Node.js 14.19.1 LTS Edition

CPE Details

Nodejs Node.js 14.19.1 LTS Edition
nodejs
node.js
14.19.1
2022-07-26
16h54 +00:00
2022-07-26
16h58 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:nodejs:node.js:14.19.1:*:*:*:lts:*:*:*

Informations

Vendor

nodejs

Product

node.js

Version

14.19.1

Software Edition

lts

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-23918 2023-02-23 00h00 +00:00 A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
7.5
Haute
CVE-2023-23919 2023-02-23 00h00 +00:00 A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
7.5
Haute
CVE-2023-23920 2023-02-22 23h00 +00:00 An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
4.2
Moyen
CVE-2022-35256 2022-12-04 23h00 +00:00 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
6.5
Moyen
CVE-2022-43548 2022-12-04 23h00 +00:00 A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
8.1
Haute
CVE-2022-32223 2022-07-14 12h51 +00:00 Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.
7.3
Haute
CVE-2022-32212 2022-07-13 22h00 +00:00 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
8.1
Haute
CVE-2022-32213 2022-07-13 22h00 +00:00 The llhttp parser
6.5
Moyen
CVE-2022-32214 2022-07-13 22h00 +00:00 The llhttp parser
6.5
Moyen
CVE-2022-32215 2022-07-13 22h00 +00:00 The llhttp parser
6.5
Moyen