16 matches found
TencentOS Server 4: nodejs (TSSA-2024:0614)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0614 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0247: nodejs:20 (ALINUX3-SA-2024:0247)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0247 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-39331: A previously disclosed...
Photon OS 5.0: Nodejs PHSA-2023-5.0-0132
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0132. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Fedora: Security Advisory (FEDORA-2023-7b52921cae)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for nodejs20 (FEDORA-2023-f66fc0f62a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K000137330: Node.JS vulnerabilities CVE-2023-38552, CVE-2023-39331, CVE-2023-39332, and CVE-2023-3933
Security Advisory Description CVE-2023-38552 When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check...
CVE-2023-39332
creationtimestamp| type| source ---|---|--- 2023-10-18 07:33:24+00:00| seen| https://t.me/cibsecurity/72477 2024-11-14 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08...
CVE-2023-39332 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-39332 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
CVE-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
CVE-2023-39332
CVE-2023-39332 concerns Node.js: certain node:fs path operations permit traversal when paths are provided as non-Buffer Uint8Array objects. The vulnerability contrasts with existing mitigations for string paths and Buffer paths (CVE-2023-30584 and CVE-2023-32004). The issue arises in environments...
CVE-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...