21 matches found
MiracleLinux 9 : nodejs:18 (AXSA:2023-6525:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6525:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) nodejs: integrity checks according to...
ROOT-OS-DEBIAN-12-CVE-2025-22150 CVE-2025-22150 in rootio-node-undici - Patched by Root
Root has patched CVE-2025-22150 in the rootio-node-undici package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-30260 CVE-2024-30260 in rootio-node-undici - Patched by Root
Root has patched CVE-2024-30260 in the rootio-node-undici package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-47279 CVE-2025-47279 in rootio-node-undici - Patched by Root
Root has patched CVE-2025-47279 in the rootio-node-undici package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-24758 CVE-2024-24758 in rootio-node-undici - Patched by Root
Root has patched CVE-2024-24758 in the rootio-node-undici package for Root:Debian:12. Multiple fixed versions available...
Astra Linux - vulnerability in node-undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
Astra Linux - vulnerability in node-undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
Astra Linux - vulnerability in node-undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...
PT-2025-21254 · Node.Js +5 · Llhttp +6
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the llhttp v9 upgrade; node-undici in Debian Linux (affected versions not specified). Description: A flaw in the HTTP parser of Node.js allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n...
RHEL 8 : node-undici (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - node-undici: cookie leakage (CVE-2023-45143) Note that Nessus has not tested for this issue but has instead relied on...
RHEL 9 : node-undici (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - node-undici: cookie leakage (CVE-2023-45143) Note that Nessus has not tested for this issue but has instead relied on...
GHSA-9QXR-QJ54-H672 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Impact: If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered with. Patches: Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes have been released in v5.28.4 and v6.11.1...
nodejs:20 security update
An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
RLSA-2023:7205 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) nodejs: permission model improperly...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
node-undici: cookie leakage
A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have...
ALSA-2023:7205 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) nodejs: permission model improperly...
RHEL 8 : nodejs:18 (RHSA-2023:5869)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5869 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
node-undici: cookie leakage
A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have...
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) An AlmaLinux Security Bulletin which...