3333 matches found
SUSE-SU-2023:0663-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). - CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157, bsc#1206673)...
Debian: Security Advisory (DLA-3350-1)
The remote host is missing an update for the Debian...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:0608-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0608-1 advisory. - A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible t...
SUSE-SU-2023:0609-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...
SUSE-SU-2023:0608-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...
Moderate: Red Hat Security Advisory: python-setuptools security update
An update for python-setuptools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
SUSE CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
RHEL 9 : python-setuptools (RHSA-2023:0952)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0952 advisory. The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of...
ALSA-2023:0952 Moderate: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fix(es): pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897). For more details abo...
Oracle Linux 9 : python-setuptools (ELSA-2023-0952)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0952 advisory. 53.0.0-10.1 - Security fix for CVE-2022-40897. Resolves: rhbz#2158559. Tenable has extracted the preceding description block directly from the Oracle Linux securit...
GHSA-XR9W-X6GW-C9MJ Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jc97-h3h9-7xh6. This link is maintained to preserve external references. Original Description: Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the...
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jc97-h3h9-7xh6. This link is maintained to preserve external references. Original Description: Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
Design/Logic Flaw
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2023-26103
CVE-2023-26103 affects Deno before 1.31.0, where upgradeWebSocket uses regexes /\s*,\s*/ to split Connection/Upgrade headers, enabling a Regular Expression Denial of Service that can significantly slow a WebSocket server. Multiple connected sources confirm the issue and state a patch in Deno 1.31.0...
RLSA-2023:0835 Moderate: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fix(es): pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897). For more details abo...
python-setuptools security update
An update is available for python-setuptools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-setuptools package provides a collection of enhancements...
CVE-2023-24807
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...