apk package
wolfi/pulumi-language-nodejs
pkg:apk/wolfi/pulumi-language-nodejs
Vulnerabilities (83)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 7.5 | KEV | < 3.91.1-r1 | 3.91.1-r1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-3978 | — | < 3.88.1-r1 | 3.88.1-r1 | Aug 2, 2023 | Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. | ||
| CVE-2018-20225 | Hig | 7.8 | < 0 | 0 | May 8, 2020 | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the |
- affected < 3.91.1-r1fixed 3.91.1-r1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-3978Aug 2, 2023affected < 3.88.1-r1fixed 3.88.1-r1
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
- affected < 0fixed 0
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the
Page 5 of 5