Filtered by vendor Redhat Subscriptions
Filtered by product Service Mesh Subscriptions

Search

Switch to Advanced Search (Beta)
Total 186 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45590 3 Expressjs, Openjsf, Redhat 13 Body-parser, Body-parser, Advanced Cluster Security and 10 more 2024-09-20 7.5 High
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
CVE-2024-43796 2 Openjsf, Redhat 11 Express, Discovery, Network Observ Optr and 8 more 2024-09-20 5 Medium
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
CVE-2024-39338 2 Axios, Redhat 8 Axios, Discovery, Network Observ Optr and 5 more 2024-08-23 4 Medium
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVE-2024-42461 2 Elliptic Project, Redhat 4 Elliptic, Acm, Multicluster Engine and 1 more 2024-08-16 5.3 Medium
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
CVE-2024-42460 2 Elliptic Project, Redhat 4 Elliptic, Acm, Multicluster Engine and 1 more 2024-08-02 5.3 Medium
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
CVE-2024-42459 2 Elliptic Project, Redhat 4 Elliptic, Acm, Multicluster Engine and 1 more 2024-08-02 5.3 Medium
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.