CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
98.5%
This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release (High) CVE-2023-45143: undici Security Release (High) CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium) CVE-2023-39333: Code injection via WebAssembly export names (Low) More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | nodejs | < 18.18.2-1 | nodejs-18.18.2-1.mga9 |
Mageia | 9 | noarch | yarnpkg | < 1.22.19-14 | yarnpkg-1.22.19-14.mga9 |