Medium: nodejs20

🗓️ 14 Nov 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 2 Views

Node.js vulnerabilities allow unauthorized file access, code execution, and resource exhaustion risks.

Reporter	Title	Published	Views	Family All 352
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty	15 Apr 202502:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	8 Jan 202518:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Denial of Service (DoS) due to tar	17 Dec 202510:16	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway	17 Sep 202421:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	4 Dec 202410:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in tar-6.2.0.tgz	7 Jul 202517:58	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.	11 Mar 202517:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow	9 Oct 202413:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]	2 Apr 202517:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]	2 Apr 202517:30	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	nodejs20-libs-debuginfo	20.18.0-1.amzn2023.0.2	nodejs20-libs-debuginfo-20.18.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-debuginfo	20.18.0-1.amzn2023.0.2	nodejs20-debuginfo-20.18.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-full-i18n	20.18.0-1.amzn2023.0.2	nodejs20-full-i18n-20.18.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-devel	20.18.0-1.amzn2023.0.2	nodejs20-devel-20.18.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	v8-11.3-devel	11.3.244.8-1.20.18.0.1.amzn2023.0.2	v8-11.3-devel-11.3.244.8-1.20.18.0.1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20	20.18.0-1.amzn2023.0.2	nodejs20-20.18.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-libs	20.18.0-1.amzn2023.0.2	nodejs20-libs-20.18.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-npm	10.8.2-1.20.18.0.1.amzn2023.0.2	nodejs20-npm-10.8.2-1.20.18.0.1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-debugsource	20.18.0-1.amzn2023.0.2	nodejs20-debugsource-20.18.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	noarch	nodejs20-docs	20.18.0-1.amzn2023.0.2	nodejs20-docs-20.18.0-1.amzn2023.0.2.noarch.rpm

14 Nov 2024 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 36.5

CVSS 3.16.5

EPSS0.00663

SSVC

node.js vulnerabilities file access security code execution resource exhaustion