← Back

Node.js

node.js

Vendor: Joyent • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-7192
1Joyent
1Node.js
May 6, 2026
Dec 11, 2014
N/A· v4
N/A· v3
10.0 HIGH· v2
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code vi...Show more
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.Show less
CVE-2014-6394
3Apple
FedoraprojectJoyent
3Fedora
Node.jsXcode
May 6, 2026
Oct 8, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "pu...Show more
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.Show less