4346 matches found
RHEL 8 : nodejs-request (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-request: Remote Memory Exposure when a multipart request is made CVE-2017-16026 Note that Nessus has not...
RHEL 6 : nodejs-semver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...
RHEL 9 : nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: integrity checks according to policies can be circumvented CVE-2023-38552 - Maliciously crafted...
RHEL 8 : nodejs-mixin-deep (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 Note that Nessus has not tested for th...
RHEL 8 : nodejs-trim-newlines (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-trim-newlines: ReDoS in .end method CVE-2021-33623 Note that Nessus has not tested for this issue but has...
RHEL 8 : nodejs-normalize-url (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-normalize-url: ReDoS for data URLs CVE-2021-33502 Note that Nessus has not tested for this issue but has...
RHEL 6 : nodejs-minimatch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 Note that Nessus has not tested for this issue b...
RHEL 8 : nodejs-kind-of (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes...
RHEL 8 : nodejs-glob-parent (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-glob-parent: Regular expression denial of service CVE-2020-28469 Note that Nessus has not tested for this...
RHEL 8 : nodejs-debug (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-debug: Regular expression Denial of Service CVE-2017-16137 Note that Nessus has not tested for this issue bu...
RHEL 7 : nodejs-ua-parser-js (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-ua-parser-js: ReDoS in multiple regexes CVE-2020-7793 - The package ua-parser-js before 0.7.22 are...
RHEL 7 : nodejs-handlebars (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true opti...
RLSA-2024:1438 Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...
nodejs:18 security update
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
nodejs: HTTP Request Smuggling via Content Length Obfuscation
An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
Rocky Linux 8 : nodejs:20 (RLSA-2024:2778)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2778 advisory. - A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function ...
RHEL 8 : nodejs:16 (RHSA-2024:2793)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2793 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...