MGASA-2023-0264 Updated nodejs packages fix security vulnerability

This is a security release. As well, it fixes v8 headers detection mga28809 The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module.load High CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire Medium CVE-2023-32559: Policies can ...

K000136924: Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166

Security Advisory Description CVE-2018-7158 The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The...

USN-6380-1 nodejs vulnerabilities

Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

CVE-2023-32558 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2023-32558 vulnerabilities

Vulnerabilities for packages: nodejs...

Security Bulletin: Due to use of NodeJS, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities.

Summary NodeJS is used by multiple components of IBM Cloud Pak for Multicloud Management Monitoring as a runtime environment Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly che...

OESA-2023-1551 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Critical Photon OS Security Update - PHSA-2023-3.0-0642

Updates of 'open-vm-tools', 'nodejs' packages of Photon OS have been released...

RLSA-2023:4034 Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...

Critical Photon OS Security Update - PHSA-2023-5.0-0082

Updates of 'binutils', 'nodejs' packages of Photon OS have been released...

The vulnerability of the process.binding() module in the Node.js software platform allows attackers to circumvent existing security restrictions.

The vulnerability of the process.binding module in the Node.js software platform is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...

SUSE-SU-2023:3455-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using...

Privilege Escalation

nodejs is vulnerable to Privilege Escalation. This vulnerability exists due to a flaw in the way the process.binding API can be used to bypass the policy mechanism. An attacker can exploit this vulnerability to gain elevated privileges...

nodejs bug fix update

An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for building fast and scalable...

CVE-2023-32559 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2023-32559 vulnerabilities

Vulnerabilities for packages: nodejs...

ALPINE-CVE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

The vulnerability of the `process.mainModule.proto.require()` function in the Node.js software platform allows a attacker to compromise the integrity of the protected information.

The vulnerability of the process.mainModule.proto.require function in the Node.js software platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information...

Improper Access Control

nodejs is vulnerable to Improper Access Control. This vulnerability exists due to a flaw in the way the module.constructor.createRequire API can be used to bypass the policy mechanism. An attacker can exploit this vulnerability to load modules outside of the policy...

SUSE-SU-2023:3400-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed...