Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.2 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...

9.8CVSS5.5AI score0.01262EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : nodejs:20 (AXSA:2024-7668:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7668:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...

9.8CVSS8.2AI score0.03168EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.22 views

Photon OS 5.0: Nodejs PHSA-2024-5.0-0213

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0213. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS7.2AI score0.03168EPSS
Exploits0References9
F5 Networks
F5 Networks
added 2024/05/10 1:29 p.m.42 views

K000139578: Node.js vulnerability CVE-2024-21896

Security Advisory Description The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By...

9.8CVSS6.9AI score0.01262EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/10 12:0 a.m.39 views

AlmaLinux 8 : nodejs:20 (ALSA-2024:1687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1687 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP reques...

9.8CVSS7.2AI score0.03168EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/04/08 8:54 a.m.129 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.9AI score0.03168EPSS
Exploits0References8
OSV
OSV
added 2024/04/08 12:0 a.m.58 views

ALSA-2024:1687 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

9.8CVSS7.5AI score0.03168EPSS
Exploits0References16
Oracle linux
Oracle linux
added 2024/04/08 12:0 a.m.75 views

nodejs:20 security update

nodejs 1:20.11.1-1 - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 high - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 medium nodejs-nodemon nodejs-packaging...

7.4CVSS7.9AI score0.03168EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2024/04/08 12:0 a.m.57 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

9.8CVSS8.2AI score0.03168EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.88 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-544)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-544 advisory. 2024-03-13: CVE-2024-22025 was added to this advisory. The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file...

9.8CVSS6.6AI score0.03168EPSS
Exploits0References18
RedhatCVE
RedhatCVE
added 2024/02/23 7:31 p.m.43 views

CVE-2024-21896

A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from to obtain a buffer from the result of path.resolve. By...

7.9CVSS7.6AI score0.01262EPSS
Exploits0References3
Circl
Circl
added 2024/02/20 3:31 a.m.3 views

CVE-2024-21896

creationtimestamp| type| source ---|---|--- 2024-02-20 03:31:51+00:00| seen| https://t.me/ctinow/188074 2024-02-20 03:32:05+00:00| seen| https://t.me/ctinow/188083 2024-02-21 07:07:23+00:00| seen| https://t.me/arpsyndicate/3711 2024-11-14 12:00:00+00:00| seen|...

9.8CVSS6.9AI score0.01262EPSS
Exploits0References5
OSV
OSV
added 2024/02/20 2:15 a.m.12 views

CVE-2024-21896

The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By monkey-patching Buffer internals, namely...

9.8CVSS9.2AI score
Exploits0References3
NVD
NVD
added 2024/02/20 2:15 a.m.27 views

CVE-2024-21896

The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By monkey-patching Buffer internals, namely...

9.8CVSS5.6AI score0.01262EPSS
Exploits0References3
CVE
CVE
added 2024/02/20 1:31 a.m.176 views

CVE-2024-21896

CVE-2024-21896 affects Node.js when using the experimental permission model (Node.js v20/v21). The vulnerability arises from monkey-patching Buffer internals (Buffer.prototype.utf8Write) to modify the result of path.resolve() for user-provided paths, enabling path traversal. Impact is described a...

9.8CVSS7AI score0.01262EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/20 1:31 a.m.33 views

CVE-2024-21896

The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By monkey-patching Buffer internals, namely...

7.9CVSS5.9AI score0.01262EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/02/16 12:0 a.m.160 views

Node.js 20.x < 20.11.1, 21.x < 21.6.2 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

9.8CVSS7.2AI score0.04459EPSS
Exploits1References8
Rows per page
Query Builder