Information on source package nodejs

Available versions

| Release | Version |
|---|---|
| stretch | 4.8.2~dfsg-1 |
| buster | 10.21.0~dfsg-1~deb10u1 |
| bullseye | 12.18.2~dfsg-1 |
| sid | 12.18.3~dfsg-1 |

Open issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-8174 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | napi_get_value_string_*() allows various kinds of memory corruption in ... |
| CVE-2020-11080 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ... |
| CVE-2019-15606 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Including trailing white space in HTTP header values in Nodejs 10, 12, ... |
| CVE-2019-15605 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ... |
| CVE-2019-15604 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ... |

Open unimportant issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-5739 | vulnerable | fixed | fixed | fixed | Keep-alive HTTP and HTTPS connections can remain open and inactive for ... |
| CVE-2019-5737 | vulnerable | fixed | fixed | fixed | In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before ... |
| CVE-2018-7167 | vulnerable | fixed | fixed | fixed | Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ... |
| CVE-2018-7159 | vulnerable | fixed | fixed | fixed | The HTTP parser in all current versions of Node.js ignores spaces in t ... |
| CVE-2018-7158 | vulnerable | fixed | fixed | fixed | The `'path'` module in the Node.js 4.x release line contains a potenti ... |
| CVE-2018-12123 | vulnerable | fixed | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ... |
| CVE-2018-12122 | vulnerable | fixed | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ... |
| CVE-2018-12121 | vulnerable | fixed | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ... |
| CVE-2018-12120 | vulnerable | fixed | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 list ... |
| CVE-2018-12116 | vulnerable | fixed | fixed | fixed | Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ... |
| CVE-2018-12115 | vulnerable | fixed | fixed | fixed | In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ... |
| CVE-2017-11499 | vulnerable | fixed | fixed | fixed | Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2020-8172 | TLS session reuse can lead to host certificate verification bypass in ... |
| CVE-2019-9514 | Some HTTP/2 implementations are vulnerable to a reset flood, potential ... |
| CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentia ... |
| CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation ... |
| CVE-2018-7166 | In all versions of Node.js 10 prior to 10.9.0, an argument processing ... |
| CVE-2018-7164 | Node.js versions 9.7.0 and later and 10.x are vulnerable and the sever ... |
| CVE-2018-7162 | All versions of Node.js 9.x and 10.x are vulnerable and the severity i ... |
| CVE-2018-7161 | All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ... |
| CVE-2018-7160 | The Node.js inspector, in 6.x and later is vulnerable to a DNS rebindi ... |
| CVE-2017-15897 | Node.js had a bug in versions 8.X and 9.X which caused buffers to not ... |
| CVE-2017-15896 | Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards ... |
| CVE-2017-14919 | Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows r ... |
| CVE-2017-14849 | Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ... |
| CVE-2016-7099 | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ... |
| CVE-2016-5325 | CRLF injection vulnerability in the ServerResponse#writeHead function ... |
| CVE-2016-2216 | The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ... |
| CVE-2016-2086 | Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0 ... |
| CVE-2016-1669 | The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as us ... |
| CVE-2015-8027 | Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 d ... |
| CVE-2015-7384 | Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a den ... |
| CVE-2015-6764 | The BasicJsonStringifier::SerializeJSArray function in json-stringifie ... |
| CVE-2015-5380 | The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in ... |
| CVE-2014-9748 | The uv_rwlock_t fallback implementation for Windows XP and Server 2003 ... |
| CVE-2014-5256 | Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider th ... |
| CVE-2013-4450 | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8. ... |
| CVE-2012-2330 | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-4696-1 | nodejs - security update |
| DSA-4669-1 | nodejs - security update |
