59 matches found
AZL-49155 CVE-2024-43800 affecting package nodejs-nodemon 2.0.3-5
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect, which may execute untrusted code. This issue is patched in serve-static 1.16.0...
AZL-49094 CVE-2024-43800 affecting package nodejs-nodemon 2.0.3-4
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect, which may execute untrusted code. This issue is patched in serve-static 1.16.0...
AZL-49164 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-5
Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to SendStream.redirect, which executes untrusted code. This issue is patched in send 0.19.0...
AZL-49085 CVE-2024-45296 affecting package nodejs-nodemon 2.0.3-4
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event...
RHEL 8 : 10_nodejs-nodemon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties CVE-2018-3750 Note that...
RHEL 8 : 12_nodejs-nodemon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-normalize-url: ReDoS for data URLs CVE-2021-33502 Note that Nessus has not tested for this issue but has...
AZL-44020 CVE-2024-4068 affecting package nodejs-nodemon 2.0.3-4
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...
CentOS 9 : nodejs-nodemon-2.0.20-2.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the nodejs-nodemon-2.0.20-2.el9 build changelog. - Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey (lines 69-95). CVE-2021-44906 Note that Nessus has...
CentOS 9 : nodejs-nodemon-2.0.20-3.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the nodejs-nodemon-2.0.20-3.el9 build changelog. - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular...
nodejs:16 security update
nodejs 1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 nodejs-nodemon nodejs-packaging 26-1 - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df...
nodejs:18 security, bug fix, and enhancement update
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.17.1-1 - Rebase to version 18.17.1 Resolves: rhbz2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz2226726 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging...
ALSA-2023:2655 Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...
nodejs:18 security, bug fix, and enhancement update
An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2022:6595)
The remote Rocky Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2022:6595 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag i.e. --workspaces,...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2023:0612)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0612 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
AZL-43768 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-4
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
AZL-44958 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-5
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
nodejs and nodejs-nodemon security, bug fix, and enhancement update
nodejs 1:16.18.1-3 - Update sources of undici WASM blobs Resolves: rhbz2151617 1:16.18.1-2 - Add back libs and v8-devel subpackages - Related: RHBZ2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 1:16.18.1-1 - Rebase + CVEs - Resolves: 2142808 - Resolves: 2142826, 2131745, 2142855...
AZL-43849 CVE-2017-20162 affecting package nodejs-nodemon 2.0.3-4
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...