4420 matches found

Mageia
added 2024/08/28 5:11 p.m. · 32 views

Updated nodejs & yarnpkg packages fix security vulnerabilities

Nodejs 22 is the new active LTS branch and 5 CVEs are fixed: CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High); CVE-2024-22020 - Bypass network import restriction via data URL (Medium); CVE-2024-22018 - fs.lstat bypasses permission model (Low); CVE-2024-36137 - fs.fchown/fchmod bypasses...

8.1 CVSS · 7.1 AI score · 0.01104 EPSS
Exploits: 0 · References: 10

OSV
added 2024/08/28 5:11 p.m. · 17 views

MGASA-2024-0282 Updated nodejs & yarnpkg packages fix security vulnerabilities

Nodejs 22 is the new active LTS branch and 5 CVEs are fixed: CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High); CVE-2024-22020 - Bypass network import restriction via data URL (Medium); CVE-2024-22018 - fs.lstat bypasses permission model (Low); CVE-2024-36137 - fs.fchown/fchmod bypasses...

8.1 CVSS · 5.7 AI score · 0.01104 EPSS
Exploits: 0 · References: 11

OSSF Malicious Packages
added 2024/08/28 1:3 a.m. · 2 views

Malicious code in nodejs-docs-samples-vision (npm)

Source: ghsa-malware (e1cdc3327056c67e82939a16ed3db3bac39a19b9dbcadfe2aabfd9dbaa353635). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

RedHat Linux
added 2024/08/26 8:12 a.m. · 4 views

nodejs: Bypass network import restriction via data URL

A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...

6.5 CVSS · 7.5 AI score · 0.01104 EPSS
Exploits: 0 · References: 5

Oracle linux
added 2024/08/26 12:0 a.m. · 44 views

nodejs:20 security update

nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging...

6.5 CVSS · 7.4 AI score · 0.01104 EPSS
Exploits: 0

Oracle linux
added 2024/08/26 12:0 a.m. · 349 views

nodejs:20 security update

nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging...

6.5 CVSS · 7.4 AI score · 0.01104 EPSS
Exploits: 1

OSV
added 2024/08/26 12:0 a.m. · 20 views

ALSA-2024:5814 Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863); nodejs: Bypass network import...

6.5 CVSS · 6.4 AI score · 0.01104 EPSS
Exploits: 1 · References: 10

Tenable Nessus
added 2024/08/26 12:0 a.m. · 29 views

AlmaLinux 9 : nodejs:20 (ALSA-2024:5815)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5815 advisory. nodejs: Bypass network import restriction via data URL (CVE-2024-22020); nodejs: fs.lstat bypasses permission model (CVE-2024-22018); nodejs: fs.fchown/fchmod...

6.5 CVSS · 6.3 AI score · 0.01104 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/08/26 12:0 a.m. · 30 views

Oracle Linux 8 : nodejs:20 (ELSA-2024-5814)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5814 advisory. nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging Tenable has extracted the...

6.5 CVSS · 6.4 AI score · 0.01104 EPSS
Exploits: 1 · References: 5

Tenable Nessus
added 2024/08/26 12:0 a.m. · 42 views

AlmaLinux 8 : nodejs:20 (ALSA-2024:5814)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5814 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863); nodejs: Bypass network import restriction via...

6.5 CVSS · 6.4 AI score · 0.01104 EPSS
Exploits: 1 · References: 5

OSV
added 2024/08/20 12:0 a.m. · 13 views

OPENSUSE-SU-2024:14276-1 nodejs-electron-30.4.0-1.1 on GA media

These are all security issues fixed in the nodejs-electron-30.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

8.8 CVSS · 8.9 AI score · 0.00538 EPSS
Exploits: 1 · References: 2

Amazon
added 2024/08/15 12:0 a.m. · 3 views

Medium: nodejs

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This...

6.5 CVSS · 6.9 AI score · 0.01155 EPSS
Exploits: 1

CNNVD
added 2024/08/12 12:0 a.m. · 4 views

Bunt security vulnerability

Bunt is a TypeSafe monolithic application framework written in TypeScript for Node.js by the individual developer Artur Bier. A security vulnerability exists in Bunt version v0.29.19: the component /esm/qs.js contains a prototype pollution flaw that allows an attacker to execute...

9.8 CVSS · 7.4 AI score · 0.01104 EPSS
Exploits: 0 · References: 3

Zero Day Initiative
added 2024/08/05 12:0 a.m. · 3 views

Microsoft Azure NodeJS LogPoint logpointsassets Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NodeJS LogPoint for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of NodeJS LogPoint. When installed from the officia...

9.8 CVSS · 7.7 AI score
Exploits: 0 · References: 1

RedhatCVE
added 2024/08/02 10:0 p.m. · 35 views

CVE-2021-3805

A flaw was found in the object-path nodejs library when the del function is called to validate object properties. An attacker can manipulate or alter the prototype of an object, causing the modification of default properties on all objects. This could lead to a service disruption or a denial of...

7.5 CVSS · 3.6 AI score · 0.0203 EPSS
Exploits: 1 · References: 3

OSV
added 2024/08/02 9:31 a.m. · 1 views

GHSA-977X-G7H5-7QGW Elliptic's ECDSA missing check for whether leading bit of r and s is zero

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

6.9 CVSS · 6.8 AI score · 0.00459 EPSS
Exploits: 1 · References: 6

OSV
added 2024/08/02 7:16 a.m. · 3 views

DEBIAN-CVE-2024-42460

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

5.3 CVSS · 6.7 AI score · 0.00459 EPSS
Exploits: 1 · References: 1

OSV
added 2024/08/02 7:16 a.m. · 2 views

DEBIAN-CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

9.1 CVSS · 6.7 AI score · 0.00617 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/02 12:0 a.m. · 6 views

PT-2024-29957 · Npm +1 · Elliptic +1

Name of the Vulnerable Software and Affected Versions: Elliptic package version 6.5.6. Description: ECDSA signature malleability occurs in the Elliptic package because BER-encoded signatures are allowed. This issue affects the Elliptic package for Node.js. Recommendations: For Elliptic package...

10 CVSS · 6.9 AI score · 0.01956 EPSS
Exploits: 9 · References: 44

IBM Security Bulletins
added 2024/08/01 12:45 p.m. · 38 views

Security Bulletin: Vulnerability in nodejs decode-uri-component affect Cloud Pak System [CVE-2022-38900]

Summary: Vulnerability in nodejs decode-uri-component affect Cloud Pak System (CVE-2022-38900). Cloud Pak System has addressed this vulnerability. Vulnerability Details: CVEID: CVE-2022-38900. DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by...

7.5 CVSS · 6.7 AI score · 0.24928 EPSS
Exploits: 1 · Affected Software: 1