DSA-5589-1 nodejs - security update
Bulletin has no description...
Denial Of Service (DoS)
@octokit/webhooks is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of exception handling in the verifyAndReceive method within src/verify-and-receive.ts. This method internally calls another method, verify, which throws an exception that remains unhandled. This uncaugh...
CVE-2023-50728
An uncaught exception vulnerability was found in octokit webhooks. An error may be undefined in some cases, and the resulting request can cause an uncaught exception that ends the nodejs process...
PT-2023-31626 · Github · Octokit/Webhooks +1
Name of the Vulnerable Software and Affected Versions: octokit/webhooks versions 9.26.0 through 9.26.2; octokit/webhooks versions 10.9.0 through 10.9.1; octokit/webhooks versions 11.1.0 through 11.1.1; octokit/webhooks versions 12.0.0 through 12.0.3. Description: The issue is caused by a problem with...
GHSA-4G6Q-77J7-VVJC Logging of the firestore key within nodejs-firestore
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...
Logging of the firestore key within nodejs-firestore
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...
CVE-2023-6460
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...
Code injection
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...
CVE-2023-6460
CVE-2023-6460 affects Google nodejs-firestore. The issue arises from logging this._settings, which can cause leakage of the Firestore key to log files with read access. Reported across multiple sources, including NVD and OSV, with remediation guidance to upgrade to version 6.1.0 where the issue i...
CVE-2023-6460 Information leak in nodejs-firestore
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...
Google nodejs-firestore Security Vulnerability
Google nodejs-firestore is a NoSQL document database by Google, Inc. A security vulnerability exists in Google nodejs-firestore versions prior to 6.1.0, which stems from the presence of potential logging that could be exposed to anyone with log read access...
PT-2023-32673
Name of the Vulnerable Software and Affected Versions: nodejs-firestore versions prior to 6.1.0. Description: A potential logging issue exists within nodejs-firestore, where developers logging objects through this.settings may inadvertently log the firestore key, potentially exposing it to anyone...
Denial Of Service (DoS)
nodejs is vulnerable to Denial of Service (DoS). The vulnerability exists when an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API. An unexpected termination occurs, making it susceptible to Denial of Service (DoS) attacks. In this scenario, an attacker...
Inconsistency Between Implementation And Documented Design
nodejs is vulnerable to Inconsistency Between Implementation and Documented Design. The vulnerability is due to the generateKeys API function returned from crypto.createDiffieHellman only generating missing or outdated keys. This discrepancy between the documented and actual behavior of the API allows ...
Prototype Pollution
NodeJS is vulnerable to Prototype Pollution. The vulnerability is caused by a bypass of the policy mechanism through the use of __proto__ in process.mainModule.__proto__.require. This can lead to requiring and loading modules outside of the policy.json definition...
CVE-2023-30590 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30588 vulnerabilities
Vulnerabilities for packages: nodejs...
DEBIAN-CVE-2023-30588
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API, an unexpected termination occurs, making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key inf...