11 matches found
Astra Linux - уязвимость в nodejs
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
CLSA-2025-1756932817 nodejs: Fix of CVE-2024-22020
CVE-2024-22020: forbid data URLs in network imports to mitigate security flaw allowing bypass of network import restrictions...
OESA-2025-1199 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Medium: nodejs20
Issue Overview: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actor...
nodejs: Bypass network import restriction via data URL
A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...
AZL-43195 CVE-2024-22020 affecting package nodejs for versions less than 20.14.0-5
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
AZL-43216 CVE-2024-22020 affecting package nodejs18 for versions less than 18.20.3-3
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
DEBIAN-CVE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
ALPINE-CVE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
UBUNTU-CVE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
PT-2024-6045 · Node.Js +7 · Node.Js +7
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 18.20.4 Node.js versions prior to 20.15.1 Node.js versions prior to 22.4.1 Description: A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an...