Medium: nodejs20
Issue Overview: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actor...
Medium: nodejs
Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...
Fedora 37 : nodejs (2022-1667f7b60a)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1667f7b60a advisory. November 2022 Security Updates https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/ ---- Update to 18.10.0...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-766)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-766 advisory. node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders c...
AZL-52604 CVE-2024-21538 affecting package nodejs for versions less than 20.14.0-3
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well-crafted string...
AZL-52551 CVE-2024-21538 affecting package nodejs18 for versions less than 18.20.3-2
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well-crafted string...
RHEL 8 : nodejs:18 (RHSA-2024:6148)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6148 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
SUSE CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
MAL-2024-10267 Malicious code in webhooks-resources-nodejs-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a43dfca0a81576880163a0fe81d037a7afb900df7a2de98b47f233cc57cc587 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in webhooks-resources-nodejs-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a43dfca0a81576880163a0fe81d037a7afb900df7a2de98b47f233cc57cc587 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.9.5 bug fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.9.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
nodejs-electron-31.7.2-1.1 on GA media (moderate)
nodejs-electron-31.7.2-1.1 on GA media Announcement ID: openSUSE-SU-2024:14425-1 Rating: moderate Cross-References: CVE-2024-7025 CVE-2024-7965 CVE-2024-8198 CVE-2024-8362 CVE-2024-8636 CVE-2024-9121 CVE-2024-9123 Affected Products: openSUSE Tumbleweed An update that solves 7 vulnerabilities can...
OPENSUSE-SU-2024:14425-1 nodejs-electron-31.7.2-1.1 on GA media
These are all security issues fixed in the nodejs-electron-31.7.2-1.1 package on the GA media of openSUSE Tumbleweed...
RHSA-2024:6147 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
RHSA-2024:6148 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
RHSA-2024:5814 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
RHSA-2023:7205 Red Hat Security Advisory: nodejs:20 security update
Bulletin has no description...
RHSA-2023:5869 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
RHSA-2023:5849 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...