CNNVD-202601-3187 Information
Jan 20, 2026
cve
CNNVD ID
CNNVD-202601-3187
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js存在安全漏洞,该漏洞源于缓冲区分配逻辑缺陷,可能导致未初始化内存泄露,造成令牌或密码等进程内秘密泄露或数据损坏。
Description (English)
Node.js is an open-source, cross-platform JavaScript running environment for Node.js. There is a security loophole in Node.js, which stems from the logical flaws in the distribution of the buffer zone, which may lead to the non-initialization of the memory leaks and to the clandestine leakage or data damage in processes such as tokens or passwords.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Node.js
Published
2026-01-20
Last Modified
2026-02-24
References
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Patch
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Share on: