node-libcurl@0.0.5 vulnerabilities
The fastest http(s) client (and much more) for Node.js - Node.js bindings for libcurl
-
latest version
4.0.0
-
first published
11 years ago
-
latest version published
9 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the node-libcurl package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to External Control of File Name or Path via the When this function is used to duplicate an easy handle with cookies enabled, the cookie-enable state is also cloned. However, the actual cookies are not cloned, and if the source handle did not read any cookies from a specific file on disk, the cloned handle would store the file name as Note: This is only exploitable if a file named Changelog: 2023-10-04: Initial publication 2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range. How to fix External Control of File Name or Path? There is no fixed version for |
*
|
Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions. Note: An overflow is only possible in applications that don't set The options that cause SOCKS5 with remote hostname to be used in
The options that cause SOCKS5 with remote hostname to be used in the
Changelog: 2023-10-04: Initial publication 2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range. How to fix Heap-based Buffer Overflow? There is no fixed version for |
*
|