nodejs: path traversal by monkey-patching buffer internals

A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from to obtain a buffer from the result of path.resolve. By...

nodejs: setuid() does not drop all privileges due to io_uring

A flaw was found in Node.js, where the setuid does not affect libuv's internal iouring operations if initialized before the call to setuid. This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid...

nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write

A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/...

nodejs:20 security update

nodejs 1:20.11.1-1 - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 high - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 medium nodejs-nodemon nodejs-packaging...

RHEL 8 : nodejs:20 (RHSA-2024:1687)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1687 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 9 : nodejs:20 (RHSA-2024:1688)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1688 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

nodejs:20 security update

nodejs 1:20.11.1-1 - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 high - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 medium nodejs-nodemon nodejs-packaging...

Updated nodejs packages fix security vulnerabilities

Nodejs 20.12.1 release fixes 2 CVE: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::Http2Session leads to HTTP/2 server crash- High CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - Medium...

MGASA-2024-0110 Updated nodejs packages fix security vulnerabilities

Nodejs 20.12.1 release fixes 2 CVE: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::Http2Session leads to HTTP/2 server crash- High CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - Medium...

CVE-2024-30261

A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered with. Mitigation Mitigation for this issue is either not available or the currently available...

CVE-2024-30260

A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header. Mitigation Mitigation for this issue is either not...

AZL-39734 CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

AZL-39803 CVE-2024-30260 affecting package nodejs18 for versions less than 18.20.2-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

AZL-39773 CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

AZL-39819 CVE-2024-30261 affecting package nodejs18 for versions less than 18.20.2-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

AZL-39148 CVE-2024-28182 affecting package nodejs18 for versions less than 18.20.3-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Impact If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered. Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1...

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Impact Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. Patches This has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75. Fixes has been released in v5.28.4 and v6.11.1. Workarounds...

CVE-2024-27983

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...