Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20, 22, 24, and 25 of Node.js contain security vulnerabilities. These vulnerabilities stem from the futimes function in the permission model not performing the expected write...

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, where the error related to the maximum call stack size when enabling asynchooks.createHook makes it impossible to catch certain exceptions,...

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20, 22, 24, and 25 of Node.js contain security vulnerabilities. These vulnerabilities stem from flaws in the permission model, which could allow attackers to bypass file system...

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.20-2.el7, rh-nodejs14-nodejs-14.21.1-3.el7 (AXSA:2023-4997:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4997:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 minimist: prototype pollution CVE-2021-44906 node-fetch: exposure of sensitive...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6463:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6463:01 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodej...

MiracleLinux 9 : nodejs:20 (AXSA:2024-7667:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7667:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...

MiracleLinux 8 : nodejs:16 (AXSA:2022-4547:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4547:01 advisory. nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection CVE-2021-4453...

MiracleLinux 7 : rh-nodejs12-nodejs-12.18.4-3.el7 (AXSA:2020-894:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-894:04 advisory. nodejs-dot-prop: prototype pollution CVE-2020-8116 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion CVE-2020-8201 npm: Sensitive...

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.19-1.el7, rh-nodejs14-nodejs-14.20.0-2.el7 (AXSA:2022-3813:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3813:02 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

MiracleLinux 8 : nodejs:18 (AXSA:2023-6466:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6466:01 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodej...

MiracleLinux 8 : nodejs:16 (AXSA:2023-6464:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6464:01 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodej...

MiracleLinux 8 : nodejs:14 nodejs-nodemon-2.0.20-2.module+el8+1579+35966ec0, nodejs-packaging-23-3.module+el8+1579+35966ec0, nodejs-14.21.1-2.module+el8+1579+35966ec0 (AXSA:2023-4653:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4653:01 advisory. minimist: prototype pollution CVE-2021-44906 node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0235 nodejs-minimatch:...

MiracleLinux 8 : nodejs:12 (AXSA:2021-2333:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2333:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service CVE-2017-18077 nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...

MiracleLinux 9 : nodejs-16.19.1-2.el9 (AXSA:2023-6034:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6034:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...

MiracleLinux 9 : nodejs-16.17.1-1.el9 (AXSA:2022-4091:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4091:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 7 : rh-nodejs14-nodejs-14.21.3-6.el7 (AXSA:2024-7617:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7617:02 advisory. rh-nodejs14-nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 A Asianux Security Bulletin which...

MiracleLinux 9 : nodejs-nodemon-2.0.20-3.el9, nodejs-16.19.1-1.el9 (AXSA:2023-6037:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6037:02 advisory. c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-4904 http-cache-semantics: Regular Expression Denial of Servic...

MiracleLinux 8 : nodejs:14 (AXSA:2023-5289:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5289:01 advisory. decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 glob-parent: Regular Expression Denial of Service CVE-2021-35065...

MiracleLinux 9 : nodejs-16.20.1-1.el9 (AXSA:2023-6283:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6283:02 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x5...