Lucene search

4420 matches found

OSV
added 2024/09/10 3:15 p.m. (6 views)

AZL-49164 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-5

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

CVSS 4.7 | AI score 6.7 | EPSS 0.00511
Exploits: 0 | References: 1

OSV
added 2024/09/10 3:15 p.m. (4 views)

AZL-49155 CVE-2024-43800 affecting package nodejs-nodemon 2.0.3-5

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...

CVSS 4.7 | AI score 6.8 | EPSS 0.00595
Exploits: 0 | References: 1

OpenVAS
added 2024/09/10 12:00 a.m. (13 views)

Fedora: Security Advisory (FEDORA-2024-ad51aa23c3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 5 | EPSS 0.00803
Exploits: 1 | References: 5

OSV
added 2024/09/09 7:15 p.m. (5 views)

AZL-49085 CVE-2024-45296 affecting package nodejs-nodemon 2.0.3-4

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event...

CVSS 7.5 | AI score 6.7 | EPSS 0.00932
Exploits: 0 | References: 1

OSV
added 2024/09/07 4:15 p.m. (5 views)

AZL-48849 CVE-2024-36137 affecting package nodejs 20.14.0-13

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

CVSS 3.3 | AI score 6.6 | EPSS 0.00395
Exploits: 0 | References: 1

Chainguard
added 2024/09/07 4:15 p.m. (41 views)

CVE-2023-30587 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7.6 | EPSS 0.00747
Exploits: 0

Wolfi
added 2024/09/07 4:15 p.m. (267 views)

CVE-2023-30582 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 5.3 | AI score 7.8 | EPSS 0.0058
Exploits: 0

Chainguard
added 2024/09/07 4:15 p.m. (188 views)

CVE-2023-30584 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.7 | AI score 7.6 | EPSS 0.00379
Exploits: 0

Wolfi
added 2024/09/07 4:15 p.m. (48 views)

CVE-2023-30587 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7.8 | EPSS 0.00747
Exploits: 0

Wolfi
added 2024/09/07 4:15 p.m. (271 views)

CVE-2023-30584 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.7 | AI score 7.9 | EPSS 0.00379
Exploits: 0

Chainguard
added 2024/09/07 4:15 p.m. (45 views)

CVE-2023-30582 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 5.3 | AI score 7.6 | EPSS 0.0058
Exploits: 0

OSV
added 2024/09/07 4:15 p.m. (3 views)

UBUNTU-CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

CVSS 3.3 | AI score 6.4 | EPSS 0.00395
Exploits: 0 | References: 4

Tenable Nessus
added 2024/09/05 12:00 a.m. (28 views)

Oracle Linux 9 : nodejs:18 (ELSA-2024-6147)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6147 advisory. nodejs 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...

CVSS 6.5 | AI score 6.6 | EPSS 0.01104
Exploits: 1 | References: 3

Tenable Nessus
added 2024/09/05 12:00 a.m. (26 views)

Oracle Linux 8 : nodejs:18 (ELSA-2024-6148)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6148 advisory. nodejs 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...

CVSS 6.5 | AI score 6.6 | EPSS 0.01104
Exploits: 1 | References: 3

Oracle Linux
added 2024/09/04 12:00 a.m. (37 views)

nodejs:18 security update

nodejs 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging...

CVSS 6.5 | AI score 7 | EPSS 0.01104
Exploits: 1

RedHat Linux
added 2024/09/03 10:04 a.m. (36 views)

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.10 security update

Red Hat OpenShift Service Mesh Containers for 2.4.10 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.1 | AI score 6.7 | EPSS 0.01956
Exploits: 3 | References: 1

RedHat Linux
added 2024/09/03 2:32 a.m. (2 views)

nodejs: Bypass network import restriction via data URL

A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...

CVSS 6.5 | AI score 7.5 | EPSS 0.01104
Exploits: 0 | References: 5

Tenable Nessus
added 2024/09/03 12:00 a.m. (30 views)

AlmaLinux 9 : nodejs:18 (ALSA-2024:6147)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6147 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction via...

CVSS 6.5 | AI score 6.6 | EPSS 0.01104
Exploits: 1 | References: 3

RedHat Linux
added 2024/08/29 4:23 p.m. (36 views)

Low: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.2 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 7.5 | AI score 6.6 | EPSS 0.02761
Exploits: 1 | References: 3

OpenVAS
added 2024/08/29 12:00 a.m. (21 views)

Mageia: Security Advisory (MGASA-2024-0282)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 6.4 | EPSS 0.01104
Exploits: 0 | References: 12