OESA-2024-2174 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request...

SUSE-SU-2024:1837-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline bsc1222530 - CVE-2024-30261: undici: Ensure that integrity cannot be tampered with bsc1222603...

SUSE-SU-2024:1836-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline bsc1222530 - CVE-2024-30261: undici: Ensure that integrity cannot be tampered with bsc1222603...

SUSE CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

DEBIAN-CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

AZL-39773 CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

GHSA-9QXR-QJ54-H672 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Impact If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered. Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libsilc-1.1-2 package of the Debian GNU/Linux operating system can be exploited, resulting in a violation of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

PhpDig < 1.8.5 Unspecified Vulnerability

The remote host is running phpDig, an open source search engine written in PHP. The remote version of this software is affected by a vulnerability that may allow an attacker to tamper with the integrity of the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...