Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310114677
HistoryJun 27, 2024 - 12:00 a.m.

Node.js Multiple Vulnerabilities (Jul 2024) - Mac OS X

2024-06-2700:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
node.js
vulnerabilities
mac os x

7.3 High

AI Score

Confidence

Low

JSON

Node.js is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:nodejs:node.js";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.114677");
  script_version("2024-06-28T05:05:33+0000");
  script_tag(name:"last_modification", value:"2024-06-28 05:05:33 +0000 (Fri, 28 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-06-27 14:16:15 +0000 (Thu, 27 Jun 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_tag(name:"qod_type", value:"executable_version");

  script_tag(name:"solution_type", value:"NoneAvailable");

  script_name("Node.js Multiple Vulnerabilities (Jul 2024) - Mac OS X");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("gb_nodejs_detect_macosx.nasl");
  script_mandatory_keys("Nodejs/MacOSX/Ver");

  script_tag(name:"summary", value:"Node.js is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The Node.js project will release new versions of the 22.x, 20.x,
  18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address:

  - 1 high severity issues

  - 2 medium severity issues

  - 3 low severity issues");

  script_tag(name:"affected", value:"Node.js versions 22.x and earlier.

  Vendor note: It's important to note that End-of-Life versions are always affected when a security
  release occurs.");

  # TODO: The fix will be included in the next releases when they become available.
  script_tag(name:"solution", value:"No known solution is available as of 27th June, 2024.
  Information regarding this issue will be updated once solution details are available.");

  script_xref(name:"URL", value:"https://nodejs.org/en/blog/vulnerability/july-2024-security-releases");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

# nb: From the advisory linked above:
#
# > It's important to note that End-of-Life versions are always affected when a security release occurs
if (version_is_less_equal(version: version, test_version: "18.20.3")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "None", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "19.0", test_version2: "20.15.0")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "None", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "21.0", test_version2: "22.3.0")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "None", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(0);

7.3 High

AI Score

Confidence

Low

JSON