Lucene search
GoogleOSV:ALSA-2024:2780HistoryMay 09, 2024 - 12:00 a.m.
Important: nodejs:18 security update
2024-05-0900:00:00
Google
osv.dev
4
node.js
security fix
denial of service
http request smuggling
cvss score
cve
nghttp2
c-ares
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- nodejs: CONTINUATION frames DoS (CVE-2024-27983)
- nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
- nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
- nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
- c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
access.redhat.com/errata/RHSA-2024:2780
access.redhat.com/security/cve/CVE-2024-22025
access.redhat.com/security/cve/CVE-2024-25629
access.redhat.com/security/cve/CVE-2024-27982
access.redhat.com/security/cve/CVE-2024-27983
access.redhat.com/security/cve/CVE-2024-28182
bugzilla.redhat.com/2265713
bugzilla.redhat.com/2268639
bugzilla.redhat.com/2270559
bugzilla.redhat.com/2272764
bugzilla.redhat.com/2275392
errata.almalinux.org/8/ALSA-2024-2780.html
Related
nessus
nessus
RHEL 9 : nodejs:18 (RHSA-2024:2779)
2024-05-09 00:00:00
AlmaLinux 9 : nodejs (ALSA-2024:2910)
2024-05-21 00:00:00
Oracle Linux 9 : nodejs:18 (ELSA-2024-2779)
2024-05-15 00:00:00
rocky
rocky
nodejs:18 security update
2024-05-09 18:51:51
nodejs:18 security update
2024-05-09 18:50:42
nodejs:20 security update
2024-05-09 18:50:42
redhat
redhat
(RHSA-2024:2853) Important: nodejs:20 security update
2024-05-15 10:54:45
(RHSA-2024:2778) Important: nodejs:20 security update
2024-05-09 05:32:10
(RHSA-2024:2780) Important: nodejs:18 security update
2024-05-09 05:32:23
oraclelinux
oraclelinux
nodejs:18 security update
2024-05-14 00:00:00
nodejs:20 security update
2024-05-16 00:00:00
nodejs:18 security update
2024-05-10 00:00:00
osv
osv
Important: nodejs security update
2024-05-20 00:00:00
Important: nodejs:20 security update
2024-05-09 18:50:42
Important: nodejs:20 security update
2024-05-09 00:00:00
almalinux
almalinux
Important: nodejs:20 security update
2024-05-09 00:00:00
Important: nodejs:18 security update
2024-05-09 00:00:00
Important: nodejs:20 security update
2024-05-15 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1306-1)
2024-05-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1346-1)
2024-05-07 00:00:00
Node.js Multiple Vulnerabilities (Apr 2024) - Windows
2024-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: nodejs20-20.12.2-1.fc40
2024-04-19 21:44:22
[SECURITY] Fedora 39 Update: nodejs20-20.12.2-1.fc39
2024-04-20 01:03:33
[SECURITY] Fedora 40 Update: c-ares-1.28.1-1.fc40
2024-04-19 21:40:06
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2024-04-05 21:24:25
Updated c-ares packages fix security vulnerabilitie
2024-02-28 08:47:52
Updated nghttp2 packages fix security vulnerability
2024-04-17 05:13:57
ibm
ibm
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js(CVE-2024-27983 & CVE-2024-27982)
2024-05-16 10:02:29
veracode
veracode
Denial Of Service (DoS)
2024-04-11 02:04:36
Buffer Under-read
2024-04-11 00:37:09
Denial Of Service (DOS)
2024-02-29 04:13:37
redhatcve
redhatcve
cve
cve
cbl_mariner
cbl_mariner
CVE-2024-27982 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-28 09:07:34
CVE-2024-25629 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-06 17:48:02
CVE-2024-27983 affecting package nodejs18 for versions less than 18.18.2-7
2024-04-30 01:31:53
ubuntucve
ubuntucve
alpinelinux
alpinelinux
hackerone
hackerone
githubexploit
githubexploit
Exploit for CVE-2024-27983
2024-04-14 11:34:52
cgr
cgr
CVE-2024-25629 vulnerabilities
2024-05-19 03:07:16
CVE-2024-28182 vulnerabilities
2024-05-19 03:07:16
ubuntu
ubuntu
c-ares vulnerability
2024-03-06 00:00:00
prion
prion
Design/Logic Flaw
2024-02-23 15:15:00
redos
redos
ROS-20240410-04
2024-04-10 00:00:00
ROS-20240425-03
2024-04-25 00:00:00
ROS-20240507-08
2024-05-07 00:00:00
amazon
amazon
Medium: c-ares
2024-03-13 20:26:00
Important: nghttp2
2024-05-09 17:43:00
Important: nghttp2
2024-04-24 22:15:00
freebsd
freebsd
dns/c-ares -- malformatted file causes application crash
2024-02-23 00:00:00
slackware
slackware
[slackware-security] nghttp2
2024-04-04 19:17:04
wolfi
wolfi
CVE-2024-25629 vulnerabilities
2024-05-28 15:40:08
CVE-2024-28182 vulnerabilities
2024-05-28 15:40:08
cvelist
cvelist
CVE-2024-25629 c-ares out of bounds read in ares__read_line()
2024-02-23 14:52:24
CVE-2024-27982
2024-05-07 16:40:02
CVE-2024-27983
2024-04-09 01:06:43
debiancve
debiancve
f5
f5
K000139615: Node.js vulnerability CVE-2024-27982
2024-05-15 00:00:00
K000139225 : nghttp2 vulnerability CVE-2024-28182
2024-04-10 00:00:00
K000139532 : Node.js vulnerability CVE-2024-27983
2024-05-07 00:00:00
debian
debian
[SECURITY] [DLA 3804-1] nghttp2 security update
2024-04-30 21:29:46
[SECURITY] [DLA 3776-1] nodejs security update
2024-03-27 00:41:25
arista
arista
Security Advisory 0094
2024-04-05 00:00:00