68 matches found
[SECURITY] [DLA 4152-1] nodejs security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4152-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 02, 2025 https://wiki.debian.org/LTS -...
Linux Distros Unpatched Vulnerability : CVE-2023-43646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regul...
Important: Red Hat Security Advisory: nodejs:22 security update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2025:1611 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-28863)
The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28863 advisory. - node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the numbe...
SUSE-SU-2025:0284-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently...
SUSE-SU-2025:0237-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.18.2: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently...
SUSE-SU-2024:4301-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Other fixes: - Update to 18.20.5 esm: mark import attributes and JSON module as stable deps: + upgrade npm to 10.8.2 + update simdutf to 5.6.0 +...
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Summary When creating a new plugin using the git source, the user-controlled value req.body.name is used to build the plugin directory where the location will be cloned. The API used to execute the git clone command with the user-controlled data is childprocess.execSync. Since the user-controlled...
nodejs:20 security update
nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging...
SUSE-SU-2024:1836-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline bsc1222530 - CVE-2024-30261: undici: Ensure that integrity cannot be tampered with bsc1222603...
SUSE-SU-2024:1309-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
SUSE-SU-2023:3455-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using...
SUSE-SU-2023:3379-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed...
SUSE-SU-2023:2861-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.proto Bypass Experimental Policy Mechanism bsc1212574. - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...
SUSE-SU-2023:2662-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to version 18.16.1: - CVE-2023-30581: Fixed mainModule.proto Bypass Experimental Policy Mechanism bsc1212574. - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...
nodejs: Improper handling of URI Subject Alternative Names
A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...
SUSE-SU-2023:0715-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library bsc1208483. -...
SUSE-SU-2023:0673-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library bsc1208483. -...