OPENSUSE-SU-2024:12291-1 nodejs-electron-19.0.14-1.1 on GA media

These are all security issues fixed in the nodejs-electron-19.0.14-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:13532-1 nodejs-electron-27.2.0-1.1 on GA media

These are all security issues fixed in the nodejs-electron-27.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12312-1 nodejs-electron-19.0.14-1.2 on GA media

These are all security issues fixed in the nodejs-electron-19.0.14-1.2 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12869-1 nodejs-electron-22.3.6-1.1 on GA media

These are all security issues fixed in the nodejs-electron-22.3.6-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12818-1 nodejs-electron-22.3.3-2.1 on GA media

These are all security issues fixed in the nodejs-electron-22.3.3-2.1 package on the GA media of openSUSE Tumbleweed...

RLSA-2024:2853 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

nodejs:20 security update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial o...

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-27982...

curl: Unicode-to-ASCII conversion on Windows can lead to argument injection and more

Vulnerability description not provided...

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details IBM X-Force ID: 294242 DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By addi...

Ubuntu: Security Advisory (USN-6822-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6822-1: Node.js vulnerabilities

It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...

Ubuntu 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6822-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6822-1 advisory. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were...

The vulnerability of the Permission Model component of the Node.js software platform, which allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Permission Model component of the Node.js software platform is related to insufficient technical documentation. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

MAL-2024-1540 Malicious code in node-pre-gyp-test-app2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b3456b640ac819fb66bf7f58e41f74e65b868629f609e863ca1bbe300070e7a8 The OpenSSF Package Analysis project identified 'node-pre-gyp-test-app2' @ 0.1.0-release1.release2 npm as malicious. It is considered malicious...

Node.js Modules Installed (Windows)

Binary data nodejsmoduleswininstalled.nbin...

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service [CVE-2024-22025]

Summary Node.js is used by IBM App Connect Enterprise Certified Container as a runtime engine for processing data. IBM App Connect Enterprise Certified Container is vulnerable to denial of service when making HTTP calls using Node.js. This bulletin provides patch information to address the report...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By sending specially crafte...

BIT-NODE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...