4420 matches found
GHSA-HHR9-RH25-HVF9 Feathers socket handler allows abusing implicit toString
Impact: Feathers socket handler did not catch invalid string conversion errors like: const message = `${{ toString: '' }}`, causing the NodeJS process to crash when sending an unexpected Socket.io message like: socket.emit('find', { toString: '' }). Patches: A fix has been released in - v5.0.8 via #3241 -...
Feathers socket handler allows abusing implicit toString
Impact: Feathers socket handler did not catch invalid string conversion errors like: const message = `${{ toString: '' }}`, causing the NodeJS process to crash when sending an unexpected Socket.io message like: socket.emit('find', { toString: '' }). Patches: A fix has been released in - v5.0.8 via #3241 -...
Oracle Linux 8 : nodejs:16 (ELSA-2023-4034)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4034 advisory. nodejs 1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 Tenable has extracted the...
CVE-2023-37899
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = `${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io...
Design/Logic Flaw
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = `${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io...
CVE-2023-37899 feathersjs socket handler allows abusing implicit toString
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = `${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io...
CVE-2023-37899
CVE-2023-37899 concerns Feathersjs: the socket handler fails to catch invalid string conversion errors (e.g., a crafted toString object), causing Node.js to crash on unexpected Socket.io messages. A fix is available in Feathers versions 5.0.8 and 4.5.18; users should upgrade. There is no known wo...
nodejs:18 security update
nodejs 1:18.14.2-3 - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067...
SUSE-SU-2023:2861-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...
RHEL 7 : rh-nodejs14-nodejs (RHSA-2023:4039)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4039 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
RHEL 8 : nodejs:18 (RHSA-2023:4035)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4035 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
AlmaLinux 8 : nodejs:16 (ALSA-2023:4034)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4034 advisory. c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067); c-ares: Buffer Underwrite in ares_inet_net_pton (CVE-2023-31130); c-ares: Insufficient randomness in...
CentOS 8 : nodejs:16 (CESA-2023:4034)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:4034 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as see...
ALSA-2023:4035 Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067); c-ares: buffer overflow in config_sortlist due to missing string length check...
CentOS 8 : nodejs:18 (CESA-2023:4035)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4035 advisory. - A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitra...
AlmaLinux 8 : nodejs:18 (ALSA-2023:4035)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4035 advisory. c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067); c-ares: buffer overflow in config_sortlist due to missing string length check (CVE-2022-4904)...
Ateme TITAN File 3.9 - SSRF File Enumeration Vulnerability
Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD,...
Ateme TITAN File 3.9 Job Callbacks Server-Side Request Forgery
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and...