Message-ID: <1411952951.6106.20.camel@bonedaddy.net> Date: 2014年9月29日 09:09:11 +0800 From: Paul Wise <pabs3@...edaddy.net> To: oss-security@...ts.openwall.com, contact@...tsecurity.io Subject: CVE request: various NodeJS module vulnerabilities Hi all, This is a request for CVEs for the following vulnerabilities discovered by the Node Security Project. I left out their advisories where I could find an assigned CVE. https://nodesecurity.io/advisories Arbitrary JavaScript Execution in Bassmaster https://nodesecurity.io/advisories/bassmaster_js_injection qs Denial-of-Service Memory Exhaustion https://nodesecurity.io/advisories/qs_dos_memory_exhaustion qs Denial-of-Service Extended Event Loop Blocking https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking syntax-error potential for script injection https://nodesecurity.io/advisories/syntax-error-potential-script-injection send Directory Traversal https://nodesecurity.io/advisories/send-directory-traversal Crumb CORS Token Disclosure https://nodesecurity.io/advisories/crumb_cors_token_disclosure -- bye, pabs http://bonedaddy.net/pabs3/ Download attachment "signature.asc " of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.