Skip to content

Commit

Permalink
vuln: add october 2023 security release vulns
Browse files Browse the repository at this point in the history
  • Loading branch information
RafaelGSS committed Oct 13, 2023
1 parent 6b0e2b5 commit d3253f1
Show file tree
Hide file tree
Showing 7 changed files with 120 additions and 0 deletions.
8 changes: 8 additions & 0 deletions vuln/core/125.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"cve": ["CVE-2023-45143"],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Cookie headers are not cleared in cross-domain redirect in undici-fetch (High)",
"affectedEnvironments": ["all"]
}
8 changes: 8 additions & 0 deletions vuln/core/126.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"cve": ["CVE-2023-44487"],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound cause denial of service (High)",
"affectedEnvironments": ["all"]
}
8 changes: 8 additions & 0 deletions vuln/core/127.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"cve": ["CVE-2023-39331"],
"vulnerable": "20.x",
"patched": "^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations (High)",
"affectedEnvironments": ["all"]
}
8 changes: 8 additions & 0 deletions vuln/core/128.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"cve": ["CVE-2023-39332"],
"vulnerable": "20.x",
"patched": "^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Path traversal through path stored in Uint8Array (High)",
"affectedEnvironments": ["all"]
}
8 changes: 8 additions & 0 deletions vuln/core/129.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"cve": ["CVE-2023-38552"],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Integrity checks according to experimental policies can be circumvented (Medium)",
"affectedEnvironments": ["all"]
}
8 changes: 8 additions & 0 deletions vuln/core/130.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"cve": ["CVE-2023-39333"],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Code injection via WebAssembly export names (Low)",
"affectedEnvironments": ["all"]
}
72 changes: 72 additions & 0 deletions vuln/core/index.json
Original file line number Diff line number Diff line change
Expand Up @@ -1546,5 +1546,77 @@
"affectedEnvironments": [
"all"
]
},
"125": {
"cve": [
"CVE-2023-45143"
],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Cookie headers are not cleared in cross-domain redirect in undici-fetch (High)",
"affectedEnvironments": [
"all"
]
},
"126": {
"cve": [
"CVE-2023-44487"
],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound cause denial of service (High)",
"affectedEnvironments": [
"all"
]
},
"127": {
"cve": [
"CVE-2023-39331"
],
"vulnerable": "20.x",
"patched": "^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations (High)",
"affectedEnvironments": [
"all"
]
},
"128": {
"cve": [
"CVE-2023-39332"
],
"vulnerable": "20.x",
"patched": "^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Path traversal through path stored in Uint8Array (High)",
"affectedEnvironments": [
"all"
]
},
"129": {
"cve": [
"CVE-2023-38552"
],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Integrity checks according to experimental policies can be circumvented (Medium)",
"affectedEnvironments": [
"all"
]
},
"130": {
"cve": [
"CVE-2023-39333"
],
"vulnerable": "18.x || 20.x",
"patched": "^18.18.2 || ^20.8.1",
"ref": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/",
"overview": "Code injection via WebAssembly export names (Low)",
"affectedEnvironments": [
"all"
]
}
}

0 comments on commit d3253f1

Please sign in to comment.