
4420 matches found

RedHat Linux
added 2023/10/09 10:29 a.m., 2 views

nodejs: mainModule.__proto__ bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json definition...

CVSS 7.5, AI score 7.1, EPSS 0.0105
Exploits: 0, References: 4

RedHat Linux
added 2023/10/09 10:29 a.m., 2 views

nodejs: Permissions policies can be bypassed via Module._load

A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

CVSS 9.8, AI score 7.1, EPSS 0.0143
Exploits: 0, References: 5

Tenable Nessus
added 2023/10/09 12:0 a.m., 45 views

RHEL 9 : nodejs (RHSA-2023:5533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5533 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8, AI score 7.1, EPSS 0.03906
Exploits: 5, References: 29

Tenable Nessus
added 2023/10/09 12:0 a.m., 33 views

RHEL 9 : nodejs (RHSA-2023:5532)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5532 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 9.8, AI score 7.7, EPSS 0.01484
Exploits: 1, References: 9

AlmaLinux
added 2023/10/09 12:0 a.m., 84 views

Important: nodejs security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002); nodejs: Permissions policies can impersonate other modules in using...

CVSS 9.8, AI score 7, EPSS 0.01484
Exploits: 1, References: 8

Rockylinux
added 2023/10/06 11:10 p.m., 54 views

nodejs:18 security, bug fix, and enhancement update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.5, AI score 6.8, EPSS 0.03906
Exploits: 1

Tenable Nessus
added 2023/10/06 12:0 a.m., 122 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9 (Important) (RHSA-2023:5486)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5486 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.8, AI score 6.8, EPSS 0.02761
Exploits: 4, References: 33

OSV
added 2023/10/05 8:45 a.m., 2 views

USN-6418-1 nodejs vulnerabilities

It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 LTS. CVE-2021-22883...

CVSS 7.8, AI score 7, EPSS 0.77385
Exploits: 1, References: 3

Oracle linux
added 2023/10/05 12:0 a.m., 47 views

nodejs:18 security, bug fix, and enhancement update

nodejs 1:18.17.1-1 - Rebase to version 18.17.1 Resolves: rhbz2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz2226726 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging...

CVSS 9.8, AI score 9.7, EPSS 0.02761
Exploits: 2

Tenable Nessus
added 2023/10/05 12:0 a.m., 77 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7 (Important) (RHSA-2023:5484)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5484 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.8, AI score 6.8, EPSS 0.02761
Exploits: 4, References: 33

Oracle linux
added 2023/09/28 12:0 a.m., 37 views

nodejs:16 security, bug fix, and enhancement update

nodejs 1:16.20.2-2 - Rebase to 16.20.2 Resolves: rhbz2231866 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 Resolves: CVE-2022-25883 nodejs-packaging 26-1 - nodejs.prov: find namespaced bundled dependencies - Apply...

CVSS 9.8, AI score 9.8, EPSS 0.02761
Exploits: 2

Oracle linux
added 2023/09/28 12:0 a.m., 40 views

nodejs:18 security, bug fix, and enhancement update

nodejs 1:18.17.1-1 - Rebase to version 18.17.1 Resolves: rhbz2228939 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging...

CVSS 9.8, AI score 9.7, EPSS 0.02761
Exploits: 2

CBLMariner
added 2023/09/27 6:2 p.m., 16 views

CVE-2023-32559 affecting package nodejs for versions less than 16.20.2-2

CVE-2023-32559 affecting package nodejs for versions less than 16.20.2-2. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 9, EPSS 0.01484
Exploits: 1

CBLMariner
added 2023/09/27 6:2 p.m., 21 views

CVE-2023-32002 affecting package nodejs for versions less than 16.20.2-2

CVE-2023-32002 affecting package nodejs for versions less than 16.20.2-2. An upgraded version of the package is available that resolves this issue...

CVSS 9.8, AI score 9, EPSS 0.0143
Exploits: 0

CBLMariner
added 2023/09/27 6:2 p.m., 19 views

CVE-2023-32006 affecting package nodejs for versions less than 16.20.2-2

CVE-2023-32006 affecting package nodejs for versions less than 16.20.2-2. An upgraded version of the package is available that resolves this issue...

CVSS 8.8, AI score 9, EPSS 0.01273
Exploits: 0

CBLMariner
added 2023/09/27 6:2 p.m., 62 views

CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2

CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2. A patched version of the package is available...

CVSS 5.5, AI score 6.6, EPSS 0.03174
Exploits: 0

CBLMariner
added 2023/09/27 6:2 p.m., 18 views

CVE-2023-35945 affecting package nodejs for versions less than 16.20.2-2

CVE-2023-35945 affecting package nodejs for versions less than 16.20.2-2. A patched version of the package is available...

CVSS 7.5, AI score 7.8, EPSS 0.01106
Exploits: 0

Prion
added 2023/09/27 3:19 p.m., 21 views

Input validation

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVSS 5, AI score 7.4, EPSS 0.01114
Exploits: 1, References: 2, Affected Software: 1

UbuntuCve
added 2023/09/27 12:0 a.m., 22 views

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVSS 8.6, AI score 6.6, EPSS 0.01114
Exploits: 1, References: 3

Tenable Nessus
added 2023/09/27 12:0 a.m., 26 views

AlmaLinux 8 : nodejs:16 (ALSA-2023:5360)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5360 advisory. nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002); nodejs-semver: Regular expression denial of service (CVE-2022-25883); nodejs:...

CVSS 9.8, AI score 7.2, EPSS 0.02761
Exploits: 2, References: 5