MiracleLinux 9 : nodejs:20 (AXSA:2024-8151:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8151:01 advisory. c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to retrie...

MiracleLinux 8 : nodejs:18 (AXSA:2023-6339:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6339:01 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x5...

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Version v25 of Node.js contains a security vulnerability. This vulnerability stems from a flaw in the permission model, allowing Unix domain sockets to bypass network restrictions. This...

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-6.el7, rh-nodejs14-nodejs-14.18.2-1.el7 (AXSA:2022-2921:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2921:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI esca...

MiracleLinux 8 : nodejs:18 (AXSA:2022-4480:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4480:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 7 : rh-nodejs14-nodejs-14.20.1-2.el7 (AXSA:2022-3900:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3900:01 advisory. nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection CVE-2021-4453...

MiracleLinux 9 : nodejs-16.20.2-8.el9_4 (AXSA:2024-8149:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8149:02 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

MiracleLinux 8 : nodejs:14 (AXSA:2021-2343:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2343:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

MiracleLinux 8 : nodejs:18 (AXSA:2024-8777:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8777:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

MiracleLinux 7 : rh-nodejs12-nodejs-12.18.2-1.el7 (AXSA:2020-219:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-219:03 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist:...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6525:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6525:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according to...

MiracleLinux 8 : nodejs:16 (AXSA:2023-5262:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5262:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

MiracleLinux 9 : nodejs-16.20.2-1.el9 (AXSA:2023-6490:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6490:04 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...

MiracleLinux 9 : nodejs:18 (AXSA:2024-7655:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7655:01 advisory. nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-2.el7, rh-nodejs12-nodejs-12.22.2-1.el7 (AXSA:2021-2259:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2259:02 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

MiracleLinux 8 : nodejs:18 (AXSA:2022-4553:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4553:01 advisory. nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: DNS rebinding in inspect via invalid octal IP address CVE-2022-43548...

MiracleLinux 8 : nodejs:16 (AXSA:2022-3844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3844:01 advisory. nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI escape codes CVE-2021-3807 nodejs: DNS rebinding in --inspect via invali...

MiracleLinux 8 : nodejs:12 (AXSA:2021-1559:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1559:01 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

MiracleLinux 7 : rh-nodejs12-nodejs-12.16.1-1.el7 (AXSA:2020-4480:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4480:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...

MiracleLinux 9 : nodejs:18 (AXSA:2024-8154:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8154:01 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...