
4346 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m. | 22 views

RHEL 7 : kibana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ua-parser-js: Regular expression denial of service via the regex CVE-2020-7733 Note that Nessus has not test...

CVSS 7.5 | AI score 7 | EPSS 0.01196
Exploits 1 | References 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 18 views

RHEL 8 : 12_nodejs-nodemon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-normalize-url: ReDoS for data URLs CVE-2021-33502 Note that Nessus has not tested for this issue but has...

CVSS 7.5 | AI score 8.6 | EPSS 0.00355
Exploits 0 | References 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 22 views

RHEL 8 : got (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets CVE-2022-33987 Note that Nessus...

CVSS 5.3 | AI score 6.5 | EPSS 0.0078
Exploits 0 | References 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 71 views

RHEL 8 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grafana: session control failure may lead to information disclosure CVE-2022-32275 - protobufjs: prototyp...

CVSS 9.8 | AI score 7.8 | EPSS 0.67373
Exploits 6 | References 16

Tenable Nessus
added 2024/06/03 12:0 a.m. | 18 views

RHEL 8 : nodejs-hoek (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hoek: Prototype pollution in utilities function CVE-2018-3728 Note that Nessus has not tested for this issue but ha...

CVSS 8.8 | AI score 8.7 | EPSS 0.01675
Exploits 1 | References 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 17 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs: Uninitialized buffer due to incorrect encoding CVE-2017-15897 Note that Nessus has not tested for this issue...

CVSS 3.1 | AI score 6.2 | EPSS 0.00642
Exploits 0 | References 1

OSV
added 2024/06/02 10:29 p.m. | 1 view

GHSA-2P57-RM9W-GVFP ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

CVSS 8.1 | AI score 6.8 | EPSS 0.8434
Exploits 0 | References 6

OSV
added 2024/05/29 12:10 p.m. | 4 views

SUSE-SU-2024:1836-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (bsc#1222530) - CVE-2024-30261: undici: Ensure that integrity cannot be tampered with (bsc#1222603)...

CVSS 4.3 | AI score 6.7 | EPSS 0.00198
Exploits 1 | References 5

OSV
added 2024/05/27 8:15 p.m. | 1 view

DEBIAN-CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

CVSS 8.1 | AI score 7.2 | EPSS 0.8434
Exploits 0 | References 1

Tenable Nessus
added 2024/05/23 12:0 a.m. | 37 views

Oracle Linux 9 : nodejs (ELSA-2024-2910)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2910 advisory. 1:16.20.2-8.0.1 - Fix CVE-2024-28182, CVE-2024-22025, CVE-2024-25629, CVE-2024-27982, CVE-2024-27983 Tenable has extracted the preceding description...

CVSS 8.2 | AI score 7 | EPSS 0.75933
Exploits 2 | References 6

Oracle linux
added 2024/05/22 12:0 a.m. | 38 views

nodejs security update

1:16.20.2-8.0.1 - Fix CVE-2024-28182, CVE-2024-22025, CVE-2024-25629, CVE-2024-27982, CVE-2024-27983...

CVSS 8.2 | AI score 7.3 | EPSS 0.75933
Exploits 2

RedHat Linux
added 2024/05/21 10:5 a.m. | 28 views

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 8.2 | AI score 7 | EPSS 0.75933
Exploits 2 | References 3

Tenable Nessus
added 2024/05/21 12:0 a.m. | 26 views

RHEL 9 : nodejs (RHSA-2024:2937)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2937 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.2 | AI score 7.4 | EPSS 0.75933
Exploits 2 | References 6

RedHat Linux
added 2024/05/20 2:14 a.m. | 2 views

nodejs: HTTP Request Smuggling via Content Length Obfuscation

An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request...

CVSS 6.5 | AI score 7.2 | EPSS 0.00529
Exploits 0 | References 5

Tenable Nessus
added 2024/05/20 12:0 a.m. | 26 views

RHEL 9 : nodejs (RHSA-2024:2910)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2910 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.2 | AI score 7 | EPSS 0.75933
Exploits 2 | References 12

OSV
added 2024/05/16 4:15 p.m. | 1 view

AZL-42058 CVE-2024-4603 affecting package nodejs for versions less than 20.14.0-1

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CVSS 5.3 | AI score 6.6 | EPSS 0.00092
Exploits 0 | References 1

RedHat Linux
added 2024/05/15 11:35 a.m. | 2 views

nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...

CVSS 6.5 | AI score 7.3 | EPSS 0.00636
Exploits 0 | References 4

Tenable Nessus
added 2024/05/15 12:0 a.m. | 32 views

RHEL 9 : nodejs:20 (RHSA-2024:2853)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2853 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.2 | AI score 7 | EPSS 0.75933
Exploits 2 | References 12

AlmaLinux
added 2024/05/15 12:0 a.m. | 35 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in ares__read_line() CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

CVSS 8.2 | AI score 7.3 | EPSS 0.75933
Exploits 2 | References 12

OSV
added 2024/05/15 12:0 a.m. | 34 views

ALSA-2024:2853 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in ares__read_line() CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

CVSS 8.2 | AI score 6.9 | EPSS 0.75933
Exploits 2 | References 12