Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21891)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21891 advisory. - Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, whi...

8.8CVSS5.6AI score0.01245EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : nodejs:20 (AXSA:2024-7668:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7668:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...

9.8CVSS8.2AI score0.03168EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.6 views

TencentOS Server 3: nodejs:20 (TSSA-2024:0109)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0109 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS7AI score0.03168EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.22 views

Photon OS 5.0: Nodejs PHSA-2024-5.0-0213

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0213. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS7.2AI score0.03168EPSS
Exploits0References9
CBLMariner
CBLMariner
added 2024/06/21 9:32 a.m.17 views

CVE-2024-21891 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-21891 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...

8.8CVSS6.9AI score0.01245EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/05/10 1:34 p.m.40 views

K000139579: Node.js vulneraility CVE-2024-21891

Security Advisory Description Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects...

8.8CVSS7AI score0.01245EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/06 12:0 a.m.51 views

Rocky Linux 8 : nodejs:20 (RLSA-2024:1687)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1687 advisory. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For exampl...

9.8CVSS6.8AI score0.03168EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2024/04/10 12:0 a.m.39 views

AlmaLinux 8 : nodejs:20 (ALSA-2024:1687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1687 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP reques...

9.8CVSS7.2AI score0.03168EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/04/08 8:54 a.m.129 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.9AI score0.03168EPSS
Exploits0References8
OSV
OSV
added 2024/04/08 12:0 a.m.57 views

ALSA-2024:1687 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

9.8CVSS7.5AI score0.03168EPSS
Exploits0References16
Oracle linux
Oracle linux
added 2024/04/08 12:0 a.m.73 views

nodejs:20 security update

nodejs 1:20.11.1-1 - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 high - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 medium nodejs-nodemon nodejs-packaging...

7.4CVSS7.9AI score0.03168EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2024/04/08 12:0 a.m.53 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

9.8CVSS8.2AI score0.03168EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.88 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-544)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-544 advisory. 2024-03-13: CVE-2024-22025 was added to this advisory. The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file...

9.8CVSS6.6AI score0.03168EPSS
Exploits0References18
OSV
OSV
added 2024/02/20 2:15 a.m.5 views

CVE-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...

8.8CVSS9.1AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/02/20 2:15 a.m.35 views

CVE-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...

8.8CVSS6.8AI score0.01245EPSS
Exploits0References3
CVE
CVE
added 2024/02/20 1:31 a.m.175 views

CVE-2024-21891

CVE-2024-21891 affects Node.js 20/21 when using the experimental permission model. The issue arises from overwriting built-in path normalization used by node:fs, enabling a filesystem permission model bypass via path traversal. Impact is high (confidentiality/integrity/availability could be affec...

8.8CVSS7.4AI score0.01245EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2024/02/20 1:31 a.m.22 views

CVE-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...

8.8CVSS7.2AI score0.01245EPSS
Exploits0
OSV
OSV
added 2024/02/16 8:55 a.m.1 views

BELL-CVE-2024-21891

Bulletin has no description...

8.8CVSS6.9AI score0.01245EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/02/16 12:0 a.m.150 views

Node.js 20.x < 20.11.1, 21.x < 21.6.2 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

9.8CVSS7.2AI score0.04459EPSS
Exploits1References8
Rows per page
Query Builder