CVE-2023-35945 affecting package nodejs for versions less than 16.20.2-2

CVE-2023-35945 affecting package nodejs for versions less than 16.20.2-2. A patched version of the package is available...

CVE-2023-32002 affecting package nodejs for versions less than 16.20.2-2

CVE-2023-32002 affecting package nodejs for versions less than 16.20.2-2. An upgraded version of the package is available that resolves this issue...

Input validation

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

AlmaLinux 8 : nodejs:16 (ALSA-2023:5360)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5360 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodejs:...

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

AlmaLinux 9 : nodejs:18 (ALSA-2023:5363)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5363 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodejs:...

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsync' to run arbitrary code outside of the limits defined in a...

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsync' to run arbitrary code outside of the limits defined in a...

nodejs: process interuption due to invalid Public Key information in x509 certificates

A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

nodejs: mainModule.proto bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service ReDoS vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

nodejs: Permissions policies can be bypassed via Module._load

A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsync' to run arbitrary code outside of the limits defined in a...

RHEL 9 : nodejs:18 (RHSA-2023:5363)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5363 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

RHEL 8 : nodejs:16 (RHSA-2023:5361)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5361 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...