SUSE-SU-2023:1942-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...

Fedora 37 : ruby (2023-f58d72c700)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f58d72c700 advisory. Upgrade to Ruby 3.1.4. Fix ReDoS vulnerability in URI CVE-2023-28755 Fix ReDoS vulnerability in Time CVE-2023-28756 Fix bundler improperly resolving...

Fedora 36 : ruby (2023-a7be7ea1aa)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a7be7ea1aa advisory. Upgrade to Ruby 3.1.4. Fix ReDoS vulnerability in URI CVE-2023-28755 Fix ReDoS vulnerability in Time CVE-2023-28756 Fix bundler improperly resolving...

SUSE-SU-2023:1924-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...

SUSE-SU-2023:1923-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.7.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2023-158)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-158 advisory. A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution...

SUSE: Security Advisory (SUSE-SU-2023:1923-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: ruby3.2

Issue Overview: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 a...

Design/Logic Flaw

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service DoS. This...

CVE-2023-30608

CVE-2023-30608 affects the Python package sqlparse (non-validating SQL parser module). A vulnerable regular expression in the parser can cause Regular Expression Denial of Service (ReDoS) leading to DoS conditions. The issue was introduced by commit e75e358 and is fixed in sqlparse 0.4.4 via comm...

CVE-2023-30608

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service DoS. This...

CVE-2023-30608 Parser contains an inefficient regular expression in sqlparse

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service DoS. This...

[SECURITY] [DLA 3392-1] ruby-rack security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3392-1 [email protected] https://www.debian.org/lts/security/ Scarlett Moore April 17, 2023 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 3392-1] ruby-rack security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3392-1 [email protected] https://www.debian.org/lts/security/ Scarlett Moore April 17, 2023 https://wiki.debian.org/LTS -...

CentOS 8 : nodejs:16 (CESA-2023:1582)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1582 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...

CentOS 8 : nodejs:18 (CESA-2023:1583)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:1583 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...

Fedora 38 : ruby (2023-6b924d3b75)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6b924d3b75 advisory. Upgrade to Ruby 3.2.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

OESA-2023-1226 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Tim...

FreeBSD : py39-setuptools -- denial of service vulnerability (1b38aec4-4149-4c7d-851c-3c4de3a1fbd0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1b38aec4-4149-4c7d-851c-3c4de3a1fbd0 advisory. - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of...