CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2

CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2. A patched version of the package is available...

CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2

CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...

AlmaLinux 9 : nodejs (ALSA-2023:4331)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4331 advisory. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request...

[SECURITY] Fedora 38 Update: nodejs16-16.20.1-1.fc38

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

AZL-26937 CVE-2023-32067 affecting package nodejs for versions less than 16.20.1-2

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

AZL-13827 CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...