Nodejs: >> Node.js >> 0.12.17 Security Vulnerabilities
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-01-23
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVSS Score
7.5
EPSS Score
0.01
Published
2017-01-23
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-01-23
Page 2