Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Sep 2014 12:20:32 +0800
From: Paul Wise <>
Subject: CVE request: various NodeJS module vulnerabilities

Hi all,

This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE.

qs Denial-of-Service Memory Exhaustion

qs Denial-of-Service Extended Event Loop Blocking

syntax-error potential for script injection

send Directory Traversal

Crumb CORS Token Disclosure


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.