Node.js Program Statistics

18 total issues disclosed

$2,400 total paid publicly

Most disclosed (4 disclosures) — HTTP Request Smuggling

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| HTTP Request Smuggling due to ignoring chunk extensions | HTTP Request Smuggling | mkg | Medium | 2021-11-02 |
| HTTP Request Smuggling due to accepting space before colon | HTTP Request Smuggling | mkg | Medium | 2021-10-20 |
| Built-in TLS module unexpectedly treats "rejectUnauthorized: undefined" as "rejectUnauthorized: false", disabling all certificate validation | Improper Certificate Validation | pimterry | Low | 2021-09-10 |
| OOB read in libuv | Buffer Over-read | ericsesterhenn | Medium | 2021-07-05 |
| Node Installer Local Privilege Escalation | Privilege Escalation | deepsurface-robert | Medium | 2021-07-01 |
| HTTP Request Smuggling due to CR-to-Hyphen conversion | HTTP Request Smuggling | amitklein | High | 2020-10-17 |
| Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests | Denial of Service | shogunpanda | Critical | 2020-10-17 |
| Slowloris, body parsing | Denial of Service | underflow0 | Low | 2020-10-17 |
| `fs.realpath.native` on darwin may cause buffer overflow | Classic Buffer Overflow | ashi009 | Medium | 2020-10-17 |
| Malformed HTTP/2 SETTINGS frame leads to reachable assert | Denial of Service | jzebor | Critical | 2020-07-03 |
| napi_get_value_string_X allow various kinds of memory corruption | Memory Corruption - Generic | tniessen | High | 2020-07-02 |
| Node.js: TLS session reuse can lead to hostname verification bypass | Man-in-the-Middle | fwilhelm | High | 2020-06-03 |
| HTTP request smuggling using malformed Transfer-Encoding header | HTTP Request Smuggling | erubinson | Critical | 2020-03-07 |
| HTTP header values do not have trailing OWS trimmed | Improper Input Validation | alyssawilk | High | 2020-02-24 |
| Remotely trigger an assertion on a TLS server with a malformed certificate string | Improper Certificate Validation | rogierschouten | Critical | 2020-02-06 |
| Http request splitting | HTTP Response Splitting | arkadiyt | Medium | 2020-01-15 |
| Your page has 2 blocking CSS resources. This causes a delay in rendering your page. | Array Index Underflow | joy271 | Critical | 2018-07-15 |
| Subdomain Takeover | Man-in-the-Middle | dade | No rating | 2018-05-04 |