Rocky Linux 8 : nodejs:16 (RLSA-2023:5850)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5850 advisory. - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wil...
[R1] Tenable Identity Exposure Version 3.42.17 Fixes Multiple Vulnerabilities
Jason Schavel, Mon, 10/23/2023 - 11:51. Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (RabbitMQ, libcurl, and nodeJS) were found to...
When the Node.js policy feature checks the integrity of a resource against a trusted manifest the application can intercept the operation and return a forged checksum to the node's policy implementation thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued the policy mechanism is an experimental feature of Node.js.
Oracle Linux 8 : nodejs:16 (ELSA-2023-5850)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5850 advisory. - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding description block directly from the Orac...
nodejs:18 security update
nodejs 1:18.18.2-1 - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon nodejs-packaging...
Mageia: Security Advisory (MGASA-2023-0299)
The remote host is missing an update for the...
MGASA-2023-0299 Updated nodejs packages fix security vulnerabilities
This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release (High); CVE-2023-45143: undici Security Release (High); CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium); CVE-2023-39333: Code injection via WebAssembly...
Updated nodejs packages fix security vulnerabilities
This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release (High); CVE-2023-45143: undici Security Release (High); CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium); CVE-2023-39333: Code injection via WebAssembly...
Oracle Linux 9 : nodejs (ELSA-2023-5765)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5765 advisory. 1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
nodejs security update
1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487...
nodejs:16 security update
nodejs 1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 nodejs-nodemon nodejs-packaging 26-1 - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df...
SUSE-SU-2023:4133-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed an integrity checks according to policies that could be...
SUSE-SU-2023:4132-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed an integrity checks according to policies that could be...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-391)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-391 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
RHEL 8 : nodejs:18 (RHSA-2023:5869)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5869 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
AlmaLinux 8 : nodejs:16 (ALSA-2023:5850)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5850 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487). Tenable has extracted the preceding description block...
nodejs: integrity checks according to policies can be circumvented
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...
nodejs: code injection via WebAssembly export names
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...
DEBIAN-CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...