4420 matches found
CVE-2023-23920 affecting package nodejs 14.21.1-3
CVE-2023-23920 affecting package nodejs 14.21.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2023-23918 affecting package nodejs 14.21.1-3
CVE-2023-23918 affecting package nodejs 14.21.1-3. An upgraded version of the package is available that resolves this issue...
DEBIAN-CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
AZL-27926 CVE-2023-32006 affecting package nodejs18 for versions less than 18.17.1-2
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
AZL-27941 CVE-2023-32006 affecting package nodejs for versions less than 16.20.2-2
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
ALPINE-CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
CVE-2023-32006 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32004 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32004 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32006 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32003 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32003 vulnerabilities
Vulnerabilities for packages: nodejs...
SUSE CVE-2023-32003
fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the...
SUSE CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...
CVE-2023-32558
A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the permission model through path traversal. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...
CVE-2023-32004
A vulnerability was found in NodeJS. This security issue occurs as improper handling of buffers in file system APIs, causing a traversal path to bypass when verifying file permissions. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the R...
CVE-2023-32003
A vulnerability was found in NodeJS. This security issue occurs as fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API, and the impact is a malicious actor could create an arbitra...
Malicious code in wasabi-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1a47529c7afca95337513fc02161d3429f5b5e4fa1ff3f80484688148b152ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1076 Malicious code in wasabi-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1a47529c7afca95337513fc02161d3429f5b5e4fa1ff3f80484688148b152ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: nodejs
Issue Overview: Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range. CVE-2022-25883 Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2...