Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240916-03
HistorySep 16, 2024 - 12:00 a.m.

ROS-20240916-03

2024-09-1600:00:00
redos.red-soft.ru
2
node.js
vulnerability
data authentication
encryption errors
access control
remote attackers
bypass restrictions
elevate privileges
arbitrary commands
unreliable search path
unix
service data
disclosure
http/1.1 undici client

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON

A vulnerability in the Node.js software platform is related to insufficient data authentication.
Exploitation of the vulnerability could allow an attacker acting remotely to disable the validation of the
integrity

A vulnerability in the APIgenerateKeys() function of the Node.js software platform is related to a mismatch between the implementation and the documented design.
implementation and documented design. Exploitation of the vulnerability could allow an attacker,
acting remotely, to bypass existing security restrictions

Vulnerability in the WebAssembly module of the Node.js software platform is related to mismanagement of code generation.
code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary
commands

Vulnerability in the Node.js software platform, related to data encryption errors. Exploitation of the vulnerability
could allow a remote attacker to cause a denial of service

Vulnerability in Module._load() of the Node.js software platform, related to access control flaws.
access. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the imposed
security restrictions

Vulnerability in the process.mainModule.require() function of the Node.js software platform is related to authorization flaws.
authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their
privileges

Vulnerability of process.binding() module of Node.js software platform is related to authorization flaws.
access. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions.
security restrictions

HTTP/1.1 undici client vulnerability in the Node.js software platform is related to insufficient protection of service data.
service data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose
protected information

Vulnerability of module.constructor.createRequire() module of Node.js software platform is related to
access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the restrictions imposed on the module.constructor.createRequire().
remotely to bypass security restrictions

A vulnerability in the Node.js software platform is related to the use of an unreliable search path. Exploitation
exploitation of the vulnerability could allow an attacker to escalate privileges.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64nodejs< 18.18.2-1UNKNOWN

Related

openvas 38
debian 1
osv 14
nessus 73
mageia 3
rocky 4
ubuntu 2
ibm 15
almalinux 8
oraclelinux 8
redhat 10
fedora 15
f5 2
nodejsblog 2
altlinux 1
photon 2
alpinelinux 1
openvas
openvas
Debian: Security Advisory (DSA-5589-1)
2024-01-12 00:00:00
Ubuntu: Security Advisory (USN-6822-1)
2024-06-11 00:00:00
openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:3378-1)
2024-03-04 00:00:00
debian
debian
[SECURITY] [DSA 5589-1] nodejs security update
2023-12-27 22:12:40
osv
osv
nodejs - security update
2023-12-27 00:00:00
nodejs vulnerabilities
2024-06-10 08:42:42
Important: nodejs security and bug fix update
2023-10-14 02:08:35
nessus
nessus
Oracle Linux 9 : nodejs (ELSA-2023-5532)
2023-10-10 00:00:00
Ubuntu 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6822-1)
2024-06-10 00:00:00
Rocky Linux 9 : nodejs (RLSA-2023:5532)
2023-10-14 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2023-09-25 01:16:18
Updated nodejs packages fix security vulnerabilities
2023-10-23 00:04:51
Updated nodejs packages fix security vulnerability
2023-03-02 00:14:31
rocky
rocky
nodejs security and bug fix update
2023-10-14 02:08:35
nodejs:18 security, bug fix, and enhancement update
2023-10-05 21:35:58
nodejs:20 security update
2023-11-28 22:43:02
ubuntu
ubuntu
Node.js vulnerabilities
2024-06-10 00:00:00
Node.js vulnerabilities
2024-03-04 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass
2023-10-26 11:23:21
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass due to [CVE-2023-38552], [CVE-2023-39333]
2023-12-14 10:38:50
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.10 and earlier
2023-03-15 17:24:51
almalinux
almalinux
Important: nodejs security and bug fix update
2023-10-09 00:00:00
Important: nodejs:18 security update
2023-10-18 00:00:00
Important: nodejs:18 security, bug fix, and enhancement update
2023-09-26 00:00:00
oraclelinux
oraclelinux
nodejs security and bug fix update
2023-10-10 00:00:00
18 security update
2023-10-20 00:00:00
nodejs:18 security update
2023-10-23 00:00:00
redhat
redhat
(RHSA-2023:5532) Important: nodejs security and bug fix update
2023-10-09 09:46:53
(RHSA-2023:5849) Important: nodejs:18 security update
2023-10-18 15:11:16
(RHSA-2023:5869) Important: nodejs:18 security update
2023-10-18 22:01:20
fedora
fedora
[SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38
2023-10-24 01:23:42
[SECURITY] Fedora 37 Update: nodejs18-18.18.2-1.fc37
2023-10-26 01:35:04
[SECURITY] Fedora 39 Update: nodejs18-18.18.2-1.fc39
2023-11-03 18:59:17
f5
f5
K000134602 : Node.js vulnerabilities CVE-2023-23918 and CVE-2023-23920
2023-05-15 00:00:00
K000135997 : Multiple Node.js vulnerabilities
2023-08-28 00:00:00
nodejsblog
nodejsblog
Thursday February 16 2023 Security Releases
2023-02-16 00:00:00
Wednesday August 9th 2023 Security Releases
2023-08-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.19.1-alt1
2023-03-22 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0642
2023-09-01 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0082
2023-08-29 00:00:00
alpinelinux
alpinelinux
CVE-2023-23919
2023-02-23 20:15:13

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON
Related for ROS-20240916-03
openvas38debian1osv14nessus73mageia3rocky4ubuntu2ibm15almalinux8oraclelinux8redhat10fedora15f52nodejsblog2altlinux1photon2alpinelinux1