Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.
CVSS Information
N/A
Vulnerability Type
未保护的主要通道
Vulnerability Title
Joyent Node.js 安全特征问题漏洞
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。该平台主要用于构建高度可伸缩的应用程序,以及编写能够处理数万条且同时连接到一个物理机的连接代码。 Joyent Node.js 6.15.0之前版本中存在安全特征问题漏洞,该漏洞源于当采用node --debug或node debug来启用debugger时,默认情况下它在所有接口上监听5858端口。远程攻击者可利用该漏洞将计算机添加到调试端口,运行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A