TencentOS Server 3: nodejs:20 (TSSA-2026:0327)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0327 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Node.js path traversal vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20, which stems from a path traversal vulnerability due to a lack of checking of the function getValidatedPath in the API. An attacker can exploit this vulnerability to...

AZL-27278 CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

PT-2023-9687 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A flaw in the experimental permission model of Node.js version 20 allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used with a non-...