CVE-2023-30589 - Exploiting HTTP Request Smuggling in Node.js via llhttp CRLF Bug
On May 31, 2023, Node.js security announced CVE-2023-30589, a serious vulnerability in all active branches (v16, v18, v20). The issue? Node’s HTTP parser
CVE-2023-23919 - How a Small Cryptographic Mistake in Node.js Could Crash Your App
Summary
Node.js, one of the internet’s most widely-used runtimes for building server-side apps, quietly patched a cryptographic vulnerability in early 2023—one that
CVE-2023-23918 - Node.js Permissions Bypass Exploit – What You Need to Know
If you’re a developer or sysadmin using Node.js, you need to be aware of CVE-2023-23918, a critical privilege escalation vulnerability that affects several
Episode
00:00:00
00:00:00