32 matches found
CVE-2024-22018 affecting package nodejs for versions less than 24.14.1-3
CVE-2024-22018 affecting package nodejs for versions less than 24.14.1-3. An upgraded version of the package is available that resolves this issue...
MiracleLinux 8 : nodejs:20 (AXSA:2024-8725:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8725:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...
openSUSE Security Advisory (SUSE-SU-2024:2543-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2574-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: nodejs20
Issue Overview: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actor...
RLSA-2024:5815 Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...
Mageia: Security Advisory (MGASA-2024-0282)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
nodejs:20 security update
nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging...
nodejs:20 security update
nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging...
AlmaLinux 9 : nodejs:20 (ALSA-2024:5815)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5815 advisory. nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs: fs.fchown/fchmod...
ALSA-2024:5815 Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...
ALSA-2024:5814 Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...
Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...
Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...
SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2574-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2574-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...
SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2543-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2543-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...
CVE-2024-22018
creationtimestamp| type| source ---|---|--- 2024-07-10 04:38:04+00:00| seen| https://t.me/cvedetector/495 2025-04-30 23:14:39+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14198 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
CVE-2024-22018
A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to...
SUSE CVE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...