9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.732 High
EPSS
Percentile
98.1%
An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
nodejs: permission model improperly protects against path traversal (CVE-2023-39331)
nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332)
nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
nodejs: code injection via WebAssembly export names (CVE-2023-39333)
node-undici: cookie leakage (CVE-2023-45143)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
rocky | 8 | noarch | nodejs-nodemon | < 3.0.1-1.module+el8.8.0+1459+02651ab6 | nodejs-nodemon-0:3.0.1-1.module+el8.8.0+1459+02651ab6.noarch.rpm |
rocky | 8 | noarch | nodejs-packaging | < 2021.06-4.module+el8.7.0+1072+5b168780 | nodejs-packaging-0:2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm |
rocky | 8 | noarch | nodejs-packaging-bundler | < 2021.06-4.module+el8.7.0+1072+5b168780 | nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.732 High
EPSS
Percentile
98.1%