MiracleLinux 8 : nodejs:14 (AXSA:2023-5289:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5289:01 advisory. decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 glob-parent: Regular Expression Denial of Service CVE-2021-35065...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6072:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6072:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

RockyLinux 9 : nodejs:18 (RLSA-2023:2654)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...

RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...

BIT-NODE-MIN-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

Node.js: insecure loading of ICU data through ICU_DATA environment variable

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

SUSE-SU-2023:0682-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2023-23920: Fixed insecure loading of ICU data through ICUDATA environment bsc1208487...

SUSE-SU-2023:0674-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23920: Fixed insecure loading of ICU data through ICUDATA environment bsc1208487...

SUSE-SU-2023:0607-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23920: Fixed insecure loading of ICU data through ICUDATA environment bsc1208487...

CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

Thursday February 16 2023 Security Releases

Thursday February 16 2023 Security Releases Update 16-February-2023 Security releases available Updates are now available for the v19.x, v18.x, v16.x, and v14.x Node.js release lines for the following issues. OpenSSL Security updates This security release includes OpenSSL security updates as...