Lucene search

K
redhatRedHatRHSA-2024:2910
HistoryMay 20, 2024 - 1:02 a.m.

(RHSA-2024:2910) Important: nodejs security update

2024-05-2001:02:30
access.redhat.com
5
node.js
denial of service
security update
network applications
javascript
cvss score
unix
fetch function
http request smuggling
out of bounds read
cvss score
acknowledgments

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • nodejs: CONTINUATION frames DoS (CVE-2024-27983)

  • nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)

  • nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)

  • nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

  • c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.