105 matches found
Important: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
SUSE: Security Advisory (SUSE-SU-2023:0674-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2023-0078)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CBL Mariner 2.0 Security Update: nodejs (CVE-2023-23918)
The version of nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-23918 advisory. - A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it...
CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1
CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1. An upgraded version of the package is available that resolves this issue...
Security fix for the ALT Linux 10 package node version 16.19.1-alt1
16.19.1-alt1 built March 22, 2023 Andrey Cherepanov in task 316988 March 13, 2023 Vitaly Lipatov - new version 16.19.1 with rpmrb script - CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High - CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.10 and earlier
Summary This fix upgrades to nodejs 14.21.3. Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a...
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:0715-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0715-1 advisory. Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule...
SUSE-SU-2023:0715-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library bsc1208483. -...
SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2023:0674-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0674-1 advisory. Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule...
SUSE-SU-2023:0673-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library bsc1208483. -...
SUSE-SU-2023:0607-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23920: Fixed insecure loading of ICU data through ICUDATA environment bsc1208487...
MGASA-2023-0078 Updated nodejs packages fix security vulnerability
The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable Low More detailed information on each of the vulnerabilities can be foun...
Node.js 14.x < 14.21.3, 16.x < 16.19.1, 18.x < 18.14.1, 19.x < 19.6.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Node.js 14.x < 14.21.3, 16.x < 16.19.1, 18.x < 18.14.1, 19.x < 19.6.1 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
CVE-2023-23918
creationtimestamp| type| source ---|---|--- 2023-02-23 22:18:34+00:00| seen| https://t.me/cibsecurity/58811...
CVE-2023-23918
CVE-2023-23918 affects Node.js runtimes prior to certain fixed releases (examples from connected docs include Node.js 14.21.3, 16.19.1, 18.14.2; some entries reference 18.19.x as fixed). The vulnerability allows bypassing the experimental Permissions feature when enabled with --experimental-polic...
CVE-2023-23918
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
CVE-2023-23918
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
CVE-2023-23918
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...