22 matches found
Azure Linux 3.0 Security Update: nodejs (CVE-2024-24758)
The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24758 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers...
ROOT-OS-DEBIAN-12-CVE-2024-24758 CVE-2024-24758 in rootio-node-undici - Patched by Root
Root has patched CVE-2024-24758 in the rootio-node-undici package for Root:Debian:12. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2024-24758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear...
CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js.
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated...
Medium: nodejs
Issue Overview: NOTE: https://nodejs.org/en/blog/release/v18.19.1 NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.x NOTE: https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90 main CVE-2024-22025 Undici is an HTTP/1.1 client, writt...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-568)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-568 advisory. NOTE: https://nodejs.org/en/blog/release/v18.19.1NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.xNOTE:...
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:0728-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:0729-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-544)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-544 advisory. 2024-03-13: CVE-2024-22025 was added to this advisory. The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:0728-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0728-1 advisory. Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack again...
Security Bulletin: IBM App Connect Enterprise Certified Container flows using Box are vulnerable to loss of confidentiality due to [CVE-2024-24758]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for communicating with Box in the Box connector. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows using the Box connector are vulnerable to loss o...
SUSE: Security Advisory (SUSE-SU-2024:0729-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:0728-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:0730-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0730-1 advisory. Update to 18.19.1: security updates CVE-2024-21892: Code injection and privilege escalation through Linux capabilitie...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:0731-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0731-1 advisory. Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack again...
SUSE-SU-2024:0731-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding bsc1219997. CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk...
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:0644-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0644-1 advisory. Update to 18.19.1: security updates CVE-2024-21892: Code injection and privilege escalation through Linux capabilities bsc1219992...
CVE-2024-24758
creationtimestamp| type| source ---|---|--- 2024-02-16 23:21:52+00:00| seen| https://t.me/ctinow/186690 2024-02-18 13:21:49+00:00| seen| https://t.me/ctinow/187244 2024-03-08 09:26:18+00:00| seen| https://t.me/ctinow/203166 2024-04-12 05:22:30+00:00| seen| https://t.me/arpsyndicate/4525 2024-11-1...
CVE-2024-24758
Undici (Node.js HTTP/1.1 client) has a vulnerability where Proxy-Authorization headers were not cleared during cross-origin redirects. It is fixed in versions 5.28.3 and 6.6.1. Affected versions include older releases prior to these patches; upgrading to 5.28.3 or 6.6.1 or newer is advised. The i...