K82567234: NodeJS vulnerability CVE-2022-32215
Security Advisory Description: The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). (CVE-2022-32215) Impact: There is no impact; F5 products are not affected b...
UBUNTU-CVE-2021-35065
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4015 more potentially affected by CVE-2022-25893 via vm2 (>=1.0.1 <=3.9.1)
vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.23.0-alpha.1 and more Source cves: CVE-2022-25893 Source advisory: OSV:GHSA-4W2J-2RG4-5MJW...
CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2
CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2. An upgraded version of the package is available that resolves this issue...
63pokupki-nodejs-common (=0.0.2), 7ghost (>=4.11.0 <=4.11.46) +3055 more potentially affected by CVE-2016-20018 via knex (>=0.10.0 <=2.3.0)
knex NPM version =0.10.0, =4.11.0, =1.0.0, =1.0.0, =0.0.2, =1.0.0, =0.0.1, =0.0.2, =1.0.2, =0.0.2, =0.0.1, =0.6.0, =2.1.0 and more Source cves: CVE-2016-20018 Source advisory: OSV:GHSA-4JV9-3563-23J3...
RHEL 8 : nodejs:16 (RHSA-2022:9073)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:9073 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Important Photon OS Security Update - PHSA-2022-3.0-0504
Updates of 'linux-rt', 'linux-aws', 'linux-esx', 'linux-secure', 'nodejs', 'linux' packages of Photon OS have been released...
Node.js: Multiple OpenSSL error handling issues in nodejs crypto library
Multiple OpenSSL error handling issues were discovered in the Node.js crypto library up to version 19.2.0. The library did not clear the OpenSSL error stack after operations that may set it, which could lead to false positive errors during subsequent cryptographic operations that happen to be on...
Rocky Linux 8 : nodejs:16 (RLSA-2022:9073)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:9073 advisory. - Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey (lines 69-95). (CVE-2021-44906) Note that Nessus has not tested for this...
AlmaLinux 8 : nodejs:16 (ALSA-2022:9073)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:9073 advisory. - nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531) - nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)...
Moderate: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
nodejs-minimatch: ReDoS via the braceExpand function
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...
nodejs: Prototype pollution via console.table properties
Due to the formatting logic of the "console.table" function, it was not safe to allow user-controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has...
CentOS 8 : nodejs:16 (CESA-2022:9073)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:9073 advisory. - nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531) - nodejs: Certificate Verification Bypass via String Injection CVE-2021-445...
Important Photon OS Security Update - PHSA-2022-4.0-0298
Updates of 'nodejs' packages of Photon OS have been released...
MGASA-2022-0463 Updated nodejs-json-schema packages fix security vulnerability
node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes. CVE-2021-3918...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.12.1-2 - Update version of bundled histogram 1:18.12.1-1 - Rebase to version 18.12.1 Resolves: rhbz2125580 CVE-2022-43548 CVE-2022-3517 1:18.9.1-1 - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 nodejs-nodemon 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517...
RHEL 8 : nodejs:18 (RHSA-2022:8833)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8833 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
AlmaLinux 9 : nodejs:18 (ALSA-2022:8832)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8832 advisory. - nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) - nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548) Tenable ha...