
4346 matches found

Chainguard
added 2023/11/28 8:15 p.m. | 52 views

CVE-2023-30590 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7.2 | EPSS 0.00954
Exploits: 0

Wolfi
added 2023/11/28 2:15 a.m. | 30 views

CVE-2023-30585 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7.8 | EPSS 0.02122
Exploits: 0

OSV
added 2023/11/23 12:15 a.m. | 2 views

DEBIAN-CVE-2023-30581

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time...

CVSS 7.5 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 1

Wolfi
added 2023/11/23 12:15 a.m. | 36 views

CVE-2023-30581 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 8 | EPSS 0.00018
Exploits: 0

CNNVD
added 2023/11/23 12:0 a.m. | 2 views

node-openssl Security Vulnerabilities

node-openssl is the openssl package for nodejs. A security vulnerability exists in node-openssl version 2.0.0 and earlier, which stems from a security flaw in the opts parameter...

CVSS 9.8 | AI score 6.8 | EPSS 0.00458
Exploits: 1 | References: 3

OpenVAS
added 2023/11/22 12:0 a.m. | 28 views

Ubuntu: Security Advisory (USN-6491-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.9 | EPSS 0.86472
Exploits: 4 | References: 2

Oracle Linux
added 2023/11/22 12:0 a.m. | 50 views

nodejs:20 security update

nodejs 1:20.8.1-1 - Update node and nghttp - Add fips patch - Fixes CVE-2023-44487 nghttp - Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333 nodejs-nodemon nodejs-packaging...

CVSS 9.8 | AI score 8 | EPSS 0.944
Exploits: 19

RedHat Linux
added 2023/11/14 5:0 p.m. | 72 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 7.1 | EPSS 0.944
Exploits: 19 | References: 8

RedHat Linux
added 2023/11/14 5:0 p.m. | 1 views

nodejs: permission model improperly protects against path traversal

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations...

CVSS 7.7 | AI score 7.2 | EPSS 0.00657
Exploits: 0 | References: 4

RedHat Linux
added 2023/11/14 5:0 p.m. | 2 views

nodejs: integrity checks according to policies can be circumvented

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...

CVSS 7.5 | AI score 7.3 | EPSS 0.00397
Exploits: 0 | References: 4

RedHat Linux
added 2023/11/14 5:0 p.m. | 1 views

nodejs: path traversal through path stored in Uint8Array

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...

CVSS 9.8 | AI score 7.2 | EPSS 0.00521
Exploits: 0 | References: 4

AlmaLinux
added 2023/11/14 12:0 a.m. | 71 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) nodejs: permission model improperly...

CVSS 9.8 | AI score 7.5 | EPSS 0.944
Exploits: 19 | References: 14

OSSF Malicious Packages
added 2023/11/09 6:5 p.m. | 3 views

Malicious code in resume-sourcing-nodejs-client-credentials (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63bf870804a0bc378ff856c7e19723430ff40b603bebd5c485f101b20ae69e12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 1

Tenable Nessus
added 2023/11/07 12:0 a.m. | 16 views

Rocky Linux 8 : nodejs:12 (RLSA-2020:1293)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:1293 advisory. - An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exist...

CVSS 8.8 | AI score 7.8 | EPSS 0.0079
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/07 12:0 a.m. | 32 views

Rocky Linux 8 : nodejs:10 (RLSA-2020:2848)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2848 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...

CVSS 9.3 | AI score 7.5 | EPSS 0.01491
Exploits: 3 | References: 7

Tenable Nessus
added 2023/11/06 12:0 a.m. | 17 views

Rocky Linux 8 : nodejs:10 (RLSA-2020:1317)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:1317 advisory. - An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exist...

CVSS 8.8 | AI score 7.8 | EPSS 0.0079
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/06 12:0 a.m. | 29 views

Rocky Linux 9 : nodejs:18 (RLSA-2022:8832)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8832 advisory. - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand functio...

CVSS 8.1 | AI score 7 | EPSS 0.00565
Exploits: 0 | References: 6

Tenable Nessus
added 2023/11/06 12:0 a.m. | 12 views

Rocky Linux 8 : nodejs:16 (RLSA-2023:4034)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4034 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen...

CVSS 7.5 | AI score 6.5 | EPSS 0.00343
Exploits: 0 | References: 9

Tenable Nessus
added 2023/11/04 12:0 a.m. | 28 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-412)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-412 advisory. When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy...

CVSS 7.5 | AI score 6.5 | EPSS 0.00397
Exploits: 0 | References: 8

OSSF Malicious Packages
added 2023/11/01 5:5 p.m. | 2 views

Malicious code in ironfish-rust-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c72ce118b54d6f7c389cffe8b206419fdb96d698e61557ce25e5240a5ca6c38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1