|
Message-ID: <1411532432.17652.15.camel@bonedaddy.net>
Date: Wed, 24 Sep 2014 12:20:32 +0800
From: Paul Wise <pabs3@...edaddy.net>
To: oss-security@...ts.openwall.com, contact@...tsecurity.io
Subject: CVE request: various NodeJS module vulnerabilities
Hi all,
This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE.
https://nodesecurity.io/advisories
qs Denial-of-Service Memory Exhaustion
https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
qs Denial-of-Service Extended Event Loop Blocking
https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking
syntax-error potential for script injection
https://nodesecurity.io/advisories/syntax-error-potential-script-injection
send Directory Traversal
https://nodesecurity.io/advisories/send-directory-traversal
Crumb CORS Token Disclosure
https://nodesecurity.io/advisories/crumb_cors_token_disclosure
--
bye,
pabs
http://bonedaddy.net/pabs3/
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.