MAL-2024-11186 Malicious code in cdp-agentkit-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d53da33893272680319756bf6d56dbd2de8b7d06bc19bd46c65f06c11336031 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11166 Malicious code in eslint-config-sunset-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 042f734df520ee49c1cf44e40629e136159746964c87533d226f02be765e956e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nodejs-prom-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00399342fd828bf3305571f803a862bf442f1d4800ca6da0c85756aae3d662ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11058 Malicious code in nodejs-prom-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00399342fd828bf3305571f803a862bf442f1d4800ca6da0c85756aae3d662ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in config-sdk-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e981c5877747825868f3fa52c139feb2dc49785d34e735556a425dcaf00c2802 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10956 Malicious code in config-sdk-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e981c5877747825868f3fa52c139feb2dc49785d34e735556a425dcaf00c2802 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-21538 affecting package nodejs for versions less than 20.14.0-3

CVE-2024-21538 affecting package nodejs for versions less than 20.14.0-3. A patched version of the package is available...

Astra Linux - уязвимость в nodejs

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)

The version of nodejs / nodejs18 / reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

20 bug fix and enhancement update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

22 bug fix and enhancement update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For...

OPENSUSE-SU-2024:14510-1 nodejs-electron-31.7.5-1.1 on GA media

These are all security issues fixed in the nodejs-electron-31.7.5-1.1 package on the GA media of openSUSE Tumbleweed...

GHSA-G85V-WF27-67XC Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

Summary Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of...

The vulnerability of the fs.statfs function in the Node.js software platform allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the fs.statfs function in the Node.js software platform is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the...

nodejs-electron-31.7.4-1.1 on GA media (moderate)

nodejs-electron-31.7.4-1.1 on GA media Announcement ID: openSUSE-SU-2024:14494-1 Rating: moderate Cross-References: CVE-2024-10231 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

Medium: nodejs

Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...

Medium: nodejs20

Issue Overview: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actor...

OPENSUSE-SU-2024:14494-1 nodejs-electron-31.7.4-1.1 on GA media

These are all security issues fixed in the nodejs-electron-31.7.4-1.1 package on the GA media of openSUSE Tumbleweed...

Medium: nodejs

Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-766)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-766 advisory. node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders c...