nodejs-minimatch: ReDoS via the braceExpand function

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2022:6595)

The remote Rocky Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2022:6595 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces,...

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2023:0612)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0612 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice...

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities due to its use of NodeJS

Summary NodeJS is used by multiple components of IBM Cloud Pak for Multicloud Management Monitoring as a runtime environment. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are n...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs-moment: Regular expression denial of service

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

nodejs-moment: Regular expression denial of service

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

GHSA-RC47-6667-2J5J vulnerabilities

Vulnerabilities for packages: pgadmin4...

AZL-44958 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-5

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...

CVE-2022-25881 vulnerabilities

Vulnerabilities for packages: pgadmin4...

AZL-13173 CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...

AZL-43768 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-4

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...

nodejs-minimatch: ReDoS via the braceExpand function

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes v1.0.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Debian: Security Advisory (DSA-5326-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

nodejs and nodejs-nodemon security, bug fix, and enhancement update

nodejs 1:16.18.1-3 - Update sources of undici WASM blobs Resolves: rhbz2151617 1:16.18.1-2 - Add back libs and v8-devel subpackages - Related: RHBZ2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 1:16.18.1-1 - Rebase + CVEs - Resolves: 2142808 - Resolves: 2142826, 2131745, 2142855...

nodejs-minimatch: ReDoS via the braceExpand function

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

nodejs: DNS rebinding in inspect via invalid octal IP address

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...