AlmaLinux 8 : nodejs:16 (ALSA-2023:5850)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5850 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description block...

RHEL 8 : nodejs:18 (RHSA-2023:5869)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5869 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

nodejs: integrity checks according to policies can be circumvented

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...

nodejs: code injection via WebAssembly export names

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...

nodejs: integrity checks according to policies can be circumvented

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...

AZL-31614 CVE-2023-38552 affecting package nodejs18 for versions less than 18.18.2-2

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

CVE-2023-39332 vulnerabilities

Vulnerabilities for packages: nodejs...

DEBIAN-CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

CVE-2023-38552 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2023-39331 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2023-38552 vulnerabilities

Vulnerabilities for packages: nodejs...

UBUNTU-CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

RHEL 9 : nodejs:18 (RHSA-2023:5849)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5849 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 8 : nodejs:16 (RHSA-2023:5850)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5850 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

SUSE CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

RHEL 9 : nodejs (RHSA-2023:5764)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5764 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

RHEL 8 : nodejs:16 (RHSA-2023:5803)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5803 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

AlmaLinux 9 : nodejs (ALSA-2023:5765)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5765 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...

RHEL 9 : nodejs (RHSA-2023:5765)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5765 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

Important: nodejs

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nodejs Issue Correction: Run dnf update nodejs...