Azure Linux 3.0 Security Update: nodejs / pytorch (CVE-2021-22918)

The version of nodejs / pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22918 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii ...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2023-32002)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32002 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / python-jinja2 (CVE-2024-34064)

The version of nodejs / nodejs18 / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34064 advisory. - Jinja is an extensible templating engine. The xmlattr filter in affected versions...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30260 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30261)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30261 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integri...

Node.js 安全漏洞

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js versions v18.x, v20.x, v22.x, and v23.x. The vulnerability stems from a memory leak that may occur when a remote peer suddenly closes a socket without...

CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4

CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4. A patched version of the package is available...

The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and proxy servers, which allows attackers to elevate privileges to the “super-admin” level.

The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and FortiProxy proxy servers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to elevate their privileges to “super-admi...

Medium: nodejs

Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...

The vulnerability of the fs.statfs function in the Node.js software platform allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the fs.statfs function in the Node.js software platform is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the...

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-766)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-766 advisory. node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders c...

nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

AZL-35048 CVE-2024-25629 affecting package nodejs for versions less than 20.14.0-1

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

AZL-34462 CVE-2024-25629 affecting package nodejs18 for versions less than 18.20.2-1

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

PT-2024-2631 · Node.Js +8 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted...

Important: nodejs

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nodejs Issue Correction: Run dnf update nodejs...