Lucene search
OracleLinuxELSA-2023-0321HistoryJan 24, 2023 - 12:00 a.m.
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-2400:00:00
linux.oracle.com
136
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
73.9%
nodejs
[1:16.18.1-3]
- Update sources of undici WASM blobs
Resolves: rhbz#2151617
[1:16.18.1-2] - Add back libs and v8-devel subpackages
- Related: RHBZ#2121126
- Record previously fixed CVE
- Resolves: CVE-2021-44906
[1:16.18.1-1] - Rebase + CVEs
- Resolves: #2142808
- Resolves: #2142826, #2131745, #2142855
nodejs-nodemon
[2.0.20-2] - Record CVE fixed in the current or previous upstream versions
- Resolves: CVE-2021-44906
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | nodejs | < 16.18.1-3.el9_1 | nodejs-16.18.1-3.el9_1.src.rpm |
| oracle linux | 9 | src | nodejs-nodemon | < 2.0.20-2.el9_1 | nodejs-nodemon-2.0.20-2.el9_1.src.rpm |
| oracle linux | 9 | aarch64 | nodejs | < 16.18.1-3.el9_1 | nodejs-16.18.1-3.el9_1.aarch64.rpm |
| oracle linux | 9 | noarch | nodejs-docs | < 16.18.1-3.el9_1 | nodejs-docs-16.18.1-3.el9_1.noarch.rpm |
| oracle linux | 9 | aarch64 | nodejs-full-i18n | < 16.18.1-3.el9_1 | nodejs-full-i18n-16.18.1-3.el9_1.aarch64.rpm |
| oracle linux | 9 | aarch64 | nodejs-libs | < 16.18.1-3.el9_1 | nodejs-libs-16.18.1-3.el9_1.aarch64.rpm |
| oracle linux | 9 | noarch | nodejs-nodemon | < 2.0.20-2.el9_1 | nodejs-nodemon-2.0.20-2.el9_1.noarch.rpm |
| oracle linux | 9 | aarch64 | npm | < 8.19.2-1.16.18.1.3.el9_1 | npm-8.19.2-1.16.18.1.3.el9_1.aarch64.rpm |
| oracle linux | 9 | src | nodejs | < 16.18.1-3.el9_1 | nodejs-16.18.1-3.el9_1.src.rpm |
| oracle linux | 9 | src | nodejs-nodemon | < 2.0.20-2.el9_1 | nodejs-nodemon-2.0.20-2.el9_1.src.rpm |
Related
redhat
redhat
almalinux
almalinux
Moderate: nodejs:18 security, bug fix, and enhancement update
2022-12-06 00:00:00
Moderate: nodejs:14 security, bug fix, and enhancement update
2023-01-09 00:00:00
osv
osv
Moderate: nodejs:14 security, bug fix, and enhancement update
2023-01-09 14:24:14
rocky
rocky
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-23 14:30:11
nodejs:18 security, bug fix, and enhancement update
2022-12-06 15:25:25
nodejs:18 security, bug fix, and enhancement update
2022-12-06 15:25:28
nessus
nessus
Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2023-0321)
2023-01-24 00:00:00
Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2023:0321)
2023-11-06 00:00:00
RHEL 9 : nodejs and nodejs-nodemon (RHSA-2023:0321)
2023-01-23 00:00:00
ibm
ibm
oraclelinux
oraclelinux
nodejs:18 security, bug fix, and enhancement update
2022-12-09 00:00:00
nodejs:18 security, bug fix, and enhancement update
2022-12-08 00:00:00
nodejs:14 security, bug fix, and enhancement update
2023-01-09 00:00:00
prion
prion
Code injection
2022-03-17 16:15:00
Design/Logic Flaw
2022-12-05 22:15:00
Denial of service
2022-10-17 20:15:00
ubuntucve
ubuntucve
debiancve
debiancve
hackerone
hackerone
Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
2022-08-20 03:13:30
Node.js: DNS rebinding in --inspect via invalid octal IP address
2022-09-23 19:28:01
redhatcve
redhatcve
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4254-1)
2022-11-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4255-1)
2022-11-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3967-1)
2022-11-15 00:00:00
veracode
veracode
Prototype Pollution
2022-03-18 02:42:04
Arbitrary Code Execution
2022-11-06 14:52:02
HTTP Request Smuggling
2022-09-27 22:47:16
githubexploit
githubexploit
Exploit for Prototype Pollution in Substack Minimist
2023-10-02 15:20:35
cve
cve
f5
f5
K17011311 : NodeJS vulnerability CVE-2022-35256
2022-12-09 00:00:00
K000133494 : Node.js vulnerability CVE-2022-43548
2023-04-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-35256 affecting package nodejs 14.20.1-2
2022-12-27 17:55:50
CVE-2022-43548 affecting package nodejs 16.17.1-2
2022-12-19 20:12:43
CVE-2022-43548 affecting package nodejs 14.20.1-2
2022-12-27 17:55:50
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.18.1-alt1
2023-03-18 00:00:00
alpinelinux
alpinelinux
CVE-2022-35256
2022-12-05 22:15:00
CVE-2022-43548
2022-12-05 22:15:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2022-11-13 05:25:20
Updated nodejs-minimist packages fix security vulnerability
2023-02-07 03:06:39
github
github
Prototype Pollution in minimist
2022-03-18 00:01:09
minimatch ReDoS vulnerability
2022-10-18 12:00:32
debian
debian
[SECURITY] [DLA 3271-1] node-minimatch security update
2023-01-15 15:25:44
[SECURITY] [DLA 3344-1] nodejs security update
2023-02-26 01:17:34
redos
redos
ROS-20230504-03
2023-05-04 00:00:00
ubuntu
ubuntu
minimatch vulnerability
2023-05-18 00:00:00
Node.js vulnerabilities
2023-11-21 00:00:00
suse
suse
Security update for nodejs14 (moderate)
2022-10-18 00:00:00
Security update for nodejs10 (moderate)
2022-11-01 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
73.9%
Related for ELSA-2023-0321