4420 matches found

Tenable Nessus
added 2024/06/14 12:0 a.m. | 30 views

Rocky Linux 9 : nodejs (RLSA-2024:2910)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2910 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

8.2 CVSS | 6.9 AI score | 0.87211 EPSS
Exploits: 2 | References: 11

vulnersOsv
added 2024/06/11 6:30 p.m. | 7 views

@pnp/nodejs (>=4.0.0 <=4.1.1-v4nightly.20240617), insomnia-plugin-azure-ad-authentication (=1.1.2) potentially affected by CVE-2024-35255 via @azure/msal-node (>=2.7.0 <=2.9.1)

@azure/msal-node NPM version =2.7.0, =4.0.0, =4.1.1-v4nightly.20240617 - insomnia-plugin-azure-ad-authentication =1.1.2 Source cves: CVE-2024-35255 Source advisory: OSV:GHSA-M5VV-6R4H-3VJ9...

5.5 CVSS | 6.4 AI score | 0.00788 EPSS
Exploits: 0

RedHat Linux
added 2024/06/03 11:52 a.m. | 2 views

nodejs-ip: arbitrary code execution via the isPublic() function

A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources...

9.8 CVSS | 7.5 AI score | 0.01613 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2024/06/03 11:52 a.m. | 63 views

Important: Red Hat Security Advisory: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

9.8 CVSS | 7.2 AI score | 0.01613 EPSS
Exploits: 4 | References: 6

Tenable Nessus
added 2024/06/03 12:0 a.m. | 19 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs: Uninitialized buffer due to incorrect encoding CVE-2017-15897 Note that Nessus has not tested for this issue...

3.1 CVSS | 6.2 AI score | 0.02303 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 18 views

RHEL 8 : nodejs-hoek (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hoek: Prototype pollution in utilities function CVE-2018-3728 Note that Nessus has not tested for this issue but ha...

8.8 CVSS | 8.7 AI score | 0.04226 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 10 views

RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-http-signature: HTTP header forgery CVE-2017-16005 Note that Nessus has not tested for this issue but has...

7.5 CVSS | 7.4 AI score | 0.00857 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 33 views

RHEL 9 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...

7.5 CVSS | 6.9 AI score | 0.02761 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 17 views

RHEL 6 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...

7.5 CVSS | 7 AI score | 0.02761 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 23 views

RHEL 7 : kibana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ua-parser-js: Regular expression denial of service via the regex CVE-2020-7733 Note that Nessus has not test...

7.5 CVSS | 7 AI score | 0.04483 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 31 views

RHEL 8 : kibana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-set-value: prototype pollution in function set-value CVE-2019-10747 - mixin-deep is vulnerable to...

9.8 CVSS | 9.9 AI score | 0.03508 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 20 views

RHEL 8 : 10_nodejs-nodemon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties CVE-2018-3750 Note that...

9.8 CVSS | 8.9 AI score | 0.02147 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 31 views

RHEL 7 : kiali (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-axios: Regular expression denial of service in trim function CVE-2021-3749 Note that Nessus has not tested f...

7.5 CVSS | 6.9 AI score | 0.08515 EPSS
Exploits: 2 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 26 views

RHEL 8 : 14_nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-30590 - The use of proto ...

7.5 CVSS | 7.3 AI score | 0.03906 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2024/06/03 12:0 a.m. | 18 views

RHEL 8 : 12_nodejs-nodemon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-normalize-url: ReDoS for data URLs CVE-2021-33502 Note that Nessus has not tested for this issue but has...

7.5 CVSS | 8.6 AI score | 0.01705 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 72 views

RHEL 8 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grafana: session control failure may lead to information disclosure CVE-2022-32275 - protobufjs: prototyp...

9.8 CVSS | 7.8 AI score | 0.08537 EPSS
Exploits: 6 | References: 16

Tenable Nessus
added 2024/06/03 12:0 a.m. | 23 views

RHEL 8 : cockpit-ovirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-glob-parent: Regular expression denial of service CVE-2020-28469 Note that Nessus has not tested for this...

7.5 CVSS | 8.5 AI score | 0.04456 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 21 views

RHEL 9 : got (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets CVE-2022-33987 Note that Nessus...

5.3 CVSS | 6.6 AI score | 0.01855 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 22 views

RHEL 8 : got (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets CVE-2022-33987 Note that Nessus...

5.3 CVSS | 6.5 AI score | 0.01855 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2024/06/03 12:0 a.m. | 5 views

The vulnerability of the Node.js software platform arises from incorrect restrictions on path names for directories with restricted access. This allows attackers to execute attacks by bypassing these paths.

The vulnerability of the Node.js software platform is related to incorrect restrictions on path names for directories with restricted access. Exploiting this vulnerability can allow an attacker to execute attacks by bypassing the path restrictions...

7.9 CVSS | 7 AI score | 0.01245 EPSS
Exploits: 0 | References: 7 | Affected Software: 4