Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: denial of service (DoS), manipulation of data, circumvention of security measures, increased user privileges. Node.js has released updates...
GHSA-C2QF-RXJJ-QQGW vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2022-25883 vulnerabilities
Vulnerabilities for packages: nodejs...
AZL-27208 CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
AZL-27207 CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from a restriction that allows the use of a built-in inspector module to bypass flag settings...
Critical Photon OS Security Update - PHSA-2023-3.0-0602
Updates of 'nodejs', 'syslinux' packages of Photon OS have been released...
Denial Of Service (DoS)
The zxcvbn-ts password strength estimator is vulnerable to denial of service (DoS). The vulnerability is due to not restricting user-supplied input to a maximum value. This leads to unbounded resource consumption resulting in a nodejs crash...
nodejs security update
1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 1:16.19.1-1 - Rebase to 16.19.1 - Resolves: rhbz2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-49...
AlmaLinux 9 : nodejs:18 (ALSA-2023:3577)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3577 advisory. c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067); c-ares: Buffer Underwrite in ares_inet_net_pton (CVE-2023-31130); c-ares: Insufficient randomness in...
RHEL 9 : nodejs (RHSA-2023:3586)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3586 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
ALSA-2023:3577 Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067); c-ares: Buffer Underwrite in ares_inet_net_pton (CVE-2023-31130); c-ares: Insufficient...
CVE-2023-28155 affecting package nodejs 14.21.1-1
CVE-2023-28155 affecting package nodejs 14.21.1-1. A patched version of the package is available...
Medium: nodejs
Issue Overview: An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. CVE-2023-23920 Affected Packages: nodejs Issue Correction: Run dnf update...
Snowflake NodeJS Driver vulnerable to Command Injection
Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs. Impacted version range: before Version 1.6.21. Attack Scenario: In order to exploit the...
GHSA-H53W-7QW7-VH5C Snowflake NodeJS Driver vulnerable to Command Injection
Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs. Impacted version range: before Version 1.6.21. Attack Scenario: In order to exploit the...
CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign-on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicio...
Command injection
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign-on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicio...
CVE-2023-34232 Snowflake NodeJS Driver vulnerable to Command Injection
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign-on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicio...
CVE-2023-34232
The Snowflake NodeJS driver (snowflake-connector-nodejs) is vulnerable to command injection via Single Sign-On (SSO) browser URL authentication in versions before 1.6.21. The attack requires the attacker to host a malicious resource and trick a user into visiting a crafted connection URL; if successf...