Node.js Security Vulnerabilities
Node.js is an open source, cross-platform JavaScript runtime environment. Node.js version 20 contains a security vulnerability that allows an attacker to retrieve statistical information from restricted files using fs.statfs...
AlmaLinux 8 : nodejs:18 (ALSA-2023:4536)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4536 advisory. nodejs: mainModule.__proto__ bypass experimental policy mechanism (CVE-2023-30581); nodejs: process interruption due to invalid Public Key information in x509...
nodejs: mainModule.__proto__ bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json definition...
Moderate: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : nodejs:18 (RHSA-2023:4536)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4536 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 8 : nodejs:16 (RHSA-2023:4537)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4537 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
CVE-2023-31130 affecting package nodejs for versions less than 16.20.1-2
CVE-2023-31130 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2. A patched version of the package is available...
CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2
CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-31147 affecting package nodejs for versions less than 16.20.1-2
CVE-2023-31147 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2
CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2
CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update
Logging Subsystem 5.7.4 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
18 security, bug fix, and enhancement update
nodejs 1:18.16.1-1 - Rebase to 18.16.1 Resolves: rhbz2188292 rhbz2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2222285 nodejs-nodemon nodejs-packaging...
nodejs security, bug fix, and enhancement update
1:16.20.1-1 - Rebase to 16.20.1 Resolves: rhbz2188291 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2177781...
nodejs: process interruption due to invalid Public Key information in x509 certificates
A vulnerability has been identified in Node.js: when an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API, an unexpected termination occurs, making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...
nodejs: mainModule.__proto__ bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json definition...
RHEL 9 : nodejs (RHSA-2023:4331)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4331 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 9 : nodejs:18 (RHSA-2023:4330)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4330 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Denial Of Service (DoS)
@feathersjs/transport-commons is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to invalid string conversions such as $ toString: '', which cause the Feathers socket handler to crash the Node.js process because it is unable to handle invalid string conversions...