目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

nodejs 厂商漏洞列表 / CVE 中文分析 111

nodejs 厂商相关 111 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Node.js 是基于 Chrome V8 引擎的 JavaScript 运行时,广泛用于构建高并发网络应用。其历史漏洞多涉及远程代码执行、拒绝服务及原型链污染,常因输入验证缺失或依赖库缺陷引发。近期安全事件凸显了供应链风险,攻击者常通过恶意 npm 包植入后门。尽管官方持续强化模块签名验证,但开发者仍需警惕第三方依赖的安全隐患,及时更新版本以修复已知缺陷,确保生产环境稳定。

15 件の結果 / 111フィルターをクリア
上位製品 nodejs: Node undici
CVE IDタイトルCVSS深刻度公開日
CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion — undiciCWE-770 5.9 Medium2026-01-14
CVE-2025-47279 undici Denial of Service attack via bad certificate data — undiciCWE-401 3.1 Low2025-05-15
CVE-2025-22150 Undici Uses Insufficiently Random Values — undiciCWE-330 6.8 Medium2025-01-21
CVE-2024-38372 Undici vulnerable to data leak when using response.arrayBuffer() — undiciCWE-201 2.0 Low2024-07-08
CVE-2024-30260 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline — undiciCWE-285 3.9 Low2024-04-04
CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect — undiciCWE-284 2.6 Low2024-04-04
CVE-2024-24750 Backpressure request ignored in fetch() in Undici — undiciCWE-400 6.5 Medium2024-02-16
CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici — undiciCWE-200 3.9 Low2024-02-16
CVE-2023-45143 Undici's cookie header not cleared on cross-origin redirect in fetch — undiciCWE-200 3.9 Low2023-10-12
CVE-2023-23936 CRLF Injection in Nodejs ‘undici’ via host — undiciCWE-93 6.5 Medium2023-02-16
CVE-2023-24807 Undici vulnerable to Regular Expression Denial of Service in Headers — undiciCWE-20 7.5 High2023-02-16
CVE-2022-35948 CRLF Injection in Nodejs ‘undici’ via Content-Type — undiciCWE-93 5.3 Medium2022-08-13
CVE-2022-35949 `undici.request` vulnerable to SSRF using absolute URL on `pathname` — undiciCWE-918 5.3 Medium2022-08-12
CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici — undiciCWE-601 3.7 Low2022-07-20
CVE-2022-31150 CRLF injection in request headers — undiciCWE-93 5.3 Medium2022-07-19

本页汇总了 nodejs 厂商截至目前公开的全部 111 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。