Lucene search
K

47 matches found

OSV
OSV
added 2026/02/19 9:42 a.m.6 views

CLSA-2026-1771494125 nodejs: Fix of CVE-2024-22020

CVE-2024-22020: lib,esm: handle bypass network-import via data...

6.5CVSS6.8AI score0.01104EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : nodejs:20 (AXSA:2024-8725:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8725:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : nodejs:18 (AXSA:2024-8777:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8777:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.15 views

TencentOS Server 4: nodejs (TSSA-2024:0291)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0291 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.1CVSS7.9AI score0.01387EPSS
Exploits1References4
Circl
Circl
added 2025/04/30 11:14 p.m.2 views

CVE-2024-22020

creationtimestamp| type| source ---|---|--- 2025-04-30 23:14:39+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14197...

6.5CVSS6.8AI score0.01104EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.6 views

openSUSE Security Advisory (SUSE-SU-2024:2574-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.01387EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.8 views

openSUSE Security Advisory (SUSE-SU-2024:2543-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.01387EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/02/21 12:0 a.m.8 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-22020)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22020 advisory. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-netwo...

6.5CVSS7.5AI score0.01104EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/02/19 4:8 p.m.8 views

CVE-2024-22020 affecting package nodejs for versions less than 20.14.0-5

CVE-2024-22020 affecting package nodejs for versions less than 20.14.0-5. A patched version of the package is available...

6.5CVSS6.7AI score0.01104EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/02/14 8:0 a.m.4 views

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers.

...

6.5CVSS6.8AI score0.01104EPSS
Exploits0
Oracle linux
Oracle linux
added 2025/02/14 12:0 a.m.38 views

nodejs:18 security update

nodejs 1:18.20.6-1 - Update to version 18.20.6 Resolves: RHEL-76801 Fixes: CVE-2025-23085 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging...

6.8CVSS6.9AI score0.01282EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/02/14 12:0 a.m.9 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-22020)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22020 advisory. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-netwo...

6.5CVSS7.5AI score0.01104EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/02/13 10:12 p.m.7 views

CVE-2024-22020 affecting package nodejs18 for versions less than 18.20.3-3

CVE-2024-22020 affecting package nodejs18 for versions less than 18.20.3-3. A patched version of the package is available...

6.5CVSS7.3AI score0.01104EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/07 12:0 a.m.14 views

RHEL 8 : nodejs:18 (RHSA-2024:6148)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6148 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

6.5CVSS6.7AI score0.01104EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/11/07 12:0 a.m.24 views

RHEL 9 : nodejs:18 (RHSA-2024:6147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6147 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

6.5CVSS6.7AI score0.01104EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:40 a.m.26 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to execute arbitrary commands. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-36138 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by the incomplete fi...

8.1CVSS8.1AI score0.01104EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/17 12:55 a.m.27 views

RLSA-2024:6147 Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...

6.5CVSS6.8AI score0.01104EPSS
Exploits1References3
OSV
OSV
added 2024/09/17 12:55 a.m.20 views

RLSA-2024:5815 Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...

6.5CVSS6.2AI score0.01104EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/09/16 12:0 a.m.41 views

Rocky Linux 8 : nodejs:18 (RLSA-2024:6148)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6148 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction vi...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/09/16 12:0 a.m.23 views

Rocky Linux 9 : nodejs:18 (RLSA-2024:6147)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6147 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction vi...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References5
Rows per page
Query Builder