15 matches found
MiracleLinux 8 : nodejs:16 (AXSA:2022-3781:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3781:01 advisory. npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 Tenable has extracted the preceding description block directly from the...
GHSA-9M48-R3W4-X35V vulnerabilities
Vulnerabilities for packages: nodejs...
Important: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:1308-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1308-1 advisory. - The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead t...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1305-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1305-1 advisory. - The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead t...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:0729-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0729-1 advisory. - A vulnerability in the privateDecrypt API of the crypto library, allowed a covert timing side-channel during PKCS1 v1.5 padding...
RHEL 8 : nodejs:16 (RHSA-2023:1582)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1582 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Important: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Internet Bug Bounty: Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587)
A vulnerability in the experimental permissions policy mechanism in Node.js was reported. The use of Module._load could bypass the policy and require unauthorized modules. This affected all active release lines. The vulnerability was reported by a researcher and fixed by the Node.js security team...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:3379-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3379-1 advisory. - The use of Module._load can bypass the policy mechanism and require modules outside of the policy.json definition fo...
Fedora 37 : nodejs16 (2023-61e40652be)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-61e40652be advisory. 2023-06-20, Version 16.20.1 'Gallium' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...
nodejs:16 security, bug fix, and enhancement update
nodejs 1:16.18.1-3 - Update sources of undici WASM blobs Resolves: rhbz2151546 1:16.18.1-2 - Record CVE references already addressed in this or previous upstream versions Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 1:16.18.1-1 - Rebase + CVE fixes - Resolves: 2142806 -...
Oracle Linux 8 : nodejs:16 (ELSA-2022-6449)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6449 advisory. - CVE fixes for CVE-2022-32212/3/4/5 - Resolves CVE-2022-33987 Tenable has extracted the preceding description block directly from the Oracle Linux...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:2491-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2491-1 advisory. - An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost che...
new module: nodejs:16
This enhancement update adds the nodejs:16 module to AlmaLinux as a Technology Preview. A future update will provide a Long Term Support (LTS) version of Node.js 16, which will be fully supported. BZ1953991 For detailed information on changes in this release, see the AlmaLinux Release Notes linked...