Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TencentOS Server 4: nodejs (TSSA-2024:0613)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

TencentOS Server 4 is vulnerable prior to updates; multiple Node.js vulnerabilities noted in advisory.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus
4 Feb 202518:15
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js vulnerabilities [ CVE-2024-27982, CVE-2024-27983]
4 Feb 202519:31
ibm
IBM Security Bulletins		Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control
8 Jul 202409:24
ibm
IBM Security Bulletins		Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
15 Apr 202503:05
ibm
IBM Security Bulletins		Security Bulletin: IBM Cognos Controller is affected by vulnerabilities
15 Apr 202503:15
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities affect IBM Db2® Graph
24 Apr 202322:02
ibm
IBM Security Bulletins		Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities
24 Apr 202415:52
ibm
IBM Security Bulletins		Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities
12 Apr 202415:48
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor
1 Mar 202309:00
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway
17 May 202413:55
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0613.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(239018);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id(
    "CVE-2023-24807",
    "CVE-2023-42282",
    "CVE-2023-46809",
    "CVE-2024-22019",
    "CVE-2024-22025",
    "CVE-2024-27982",
    "CVE-2024-27983"
  );

  script_name(english:"TencentOS Server 4: nodejs (TSSA-2024:0613)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 4 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0613 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2024-27983:
    An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2
    frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after
    reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is
    abruptly closed by the client triggering the Http2Session destructor while header frames are still being
    processed (and stored in memory) causing a race condition.

    CVE-2024-27982:
    The team has identified a critical vulnerability in the http server of the most recent version of Node,
    where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a
    content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request
    within the body of the first.

    CVE-2024-22019:
    A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with
    chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an
    unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension
    bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like
    timeouts and body size limits.

    CVE-2023-46809:
    A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing
    side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences
    in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA
    ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web
    Encryption messages.

    CVE-2024-22025:
    A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through
    resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.
    The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making
    it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL.
    An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory,
    potentially leading to process termination, depending on the system configuration.

    CVE-2023-42282:
    The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are
    improperly categorized as globally routable via isPublic. A vulnerability was found in the NPM IP Package.
    This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the
    isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to
    normally inaccessible resources.

    CVE-2023-24807:
    Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and
    `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when
    untrusted values are passed into the functions. This is due to the inefficient regular expression used to
    normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in
    v5.19.1. No known workarounds are available.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240613.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-42282");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/10/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:nodejs");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 4.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'nodejs-18.20.1-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-18.20.1-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debuginfo-18.20.1-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debuginfo-18.20.1-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debugsource-18.20.1-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debugsource-18.20.1-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-devel-18.20.1-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-devel-18.20.1-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-docs-18.20.1-2.tl4', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-full-i18n-18.20.1-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-full-i18n-18.20.1-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-libs-18.20.1-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-libs-18.20.1-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-libs-debuginfo-18.20.1-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-libs-debuginfo-18.20.1-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'npm-10.5.0-18.20.1.2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'npm-10.5.0-18.20.1.2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'v8-devel-10.2.154.26-18.20.1.2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'v8-devel-10.2.154.26-18.20.1.2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debuginfo / nodejs-debugsource / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Nov 2025 00:00Current
8High risk
Vulners AI Score8
CVSS 3.19.8
CVSS 38.2
EPSS0.75933
SSVC
tencentos server 4node.js vulnerabilitieshttp/2 server issuerequest smuggling flawdos risktiming side-channel
4