Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1411952951.6106.20.camel@bonedaddy.net>
Date: Mon, 29 Sep 2014 09:09:11 +0800
From: Paul Wise <pabs3@...edaddy.net>
To: oss-security@...ts.openwall.com, contact@...tsecurity.io
Subject: CVE request: various NodeJS module vulnerabilities

Hi all,

This is a request for CVEs for the following vulnerabilities discovered
by the Node Security Project. I left out their advisories where I could
find an assigned CVE.

https://nodesecurity.io/advisories

Arbitrary JavaScript Execution in Bassmaster
https://nodesecurity.io/advisories/bassmaster_js_injection

qs Denial-of-Service Memory Exhaustion
https://nodesecurity.io/advisories/qs_dos_memory_exhaustion

qs Denial-of-Service Extended Event Loop Blocking
https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking

syntax-error potential for script injection
https://nodesecurity.io/advisories/syntax-error-potential-script-injection

send Directory Traversal
https://nodesecurity.io/advisories/send-directory-traversal

Crumb CORS Token Disclosure
https://nodesecurity.io/advisories/crumb_cors_token_disclosure


-- 
bye,
pabs

http://bonedaddy.net/pabs3/

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.