MiracleLinux 8 : nodejs:14 nodejs-nodemon-2.0.20-2.module+el8+1579+35966ec0, nodejs-packaging-23-3.module+el8+1579+35966ec0, nodejs-14.21.1-2.module+el8+1579+35966ec0 (AXSA:2023-4653:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4653:01 advisory. minimist: prototype pollution CVE-2021-44906 node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0235 nodejs-minimatch:...

AZL-6743 CVE-2021-22931 affecting package nodejs for versions less than 16.14.0-1

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...

nodejs: DNS rebinding in --inspect

A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...