Important: nodejs:20 security update

2024-05-1500:00:00

errata.almalinux.org

nodejs

security

update

cve-2024-25629

cve-2024-28182

cve-2024-22025

cve-2024-27983

denial of service

http request smuggling

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

Security Fix(es):

c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
nodejs: CONTINUATION frames DoS (CVE-2024-27983)
nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux9noarchnodejs-docs< 20.12.2-2.module_el9.4.0+100+71fc9528nodejs-docs-20.12.2-2.module_el9.4.0+100+71fc9528.noarch.rpm
almalinux9noarchnodejs-nodemon< 3.0.1-1.module_el9.3.0+47+c33bc288nodejs-nodemon-3.0.1-1.module_el9.3.0+47+c33bc288.noarch.rpm
almalinux9noarchnodejs-packaging< 2021.06-4.module_el9.3.0+88+29afeaa2nodejs-packaging-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm
almalinux9noarchnodejs-packaging-bundler< 2021.06-4.module_el9.3.0+88+29afeaa2nodejs-packaging-bundler-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm
almalinux9ppc64lenodejs< 20.12.2-2.module_el9.4.0+100+71fc9528nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux9ppc64lenodejs-devel< 20.12.2-2.module_el9.4.0+100+71fc9528nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux9ppc64lenodejs-full-i18n< 20.12.2-2.module_el9.4.0+100+71fc9528nodejs-full-i18n-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux9ppc64lenpm< 10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528npm-10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux9x86_64nodejs< 20.12.2-2.module_el9.4.0+100+71fc9528nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.x86_64.rpm
almalinux9x86_64nodejs-devel< 20.12.2-2.module_el9.4.0+100+71fc9528nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	9	noarch	nodejs-docs	< 20.12.2-2.module_el9.4.0+100+71fc9528	nodejs-docs-20.12.2-2.module_el9.4.0+100+71fc9528.noarch.rpm
almalinux	9	noarch	nodejs-nodemon	< 3.0.1-1.module_el9.3.0+47+c33bc288	nodejs-nodemon-3.0.1-1.module_el9.3.0+47+c33bc288.noarch.rpm
almalinux	9	noarch	nodejs-packaging	< 2021.06-4.module_el9.3.0+88+29afeaa2	nodejs-packaging-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm
almalinux	9	noarch	nodejs-packaging-bundler	< 2021.06-4.module_el9.3.0+88+29afeaa2	nodejs-packaging-bundler-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm
almalinux	9	ppc64le	nodejs	< 20.12.2-2.module_el9.4.0+100+71fc9528	nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux	9	ppc64le	nodejs-devel	< 20.12.2-2.module_el9.4.0+100+71fc9528	nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux	9	ppc64le	nodejs-full-i18n	< 20.12.2-2.module_el9.4.0+100+71fc9528	nodejs-full-i18n-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux	9	ppc64le	npm	< 10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528	npm-10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528.ppc64le.rpm
almalinux	9	x86_64	nodejs	< 20.12.2-2.module_el9.4.0+100+71fc9528	nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.x86_64.rpm
almalinux	9	x86_64	nodejs-devel	< 20.12.2-2.module_el9.4.0+100+71fc9528	nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.x86_64.rpm