CVE-2023-32004
A vulnerability was found in NodeJS. This security issue occurs as improper handling of buffers in file system APIs, causing a traversal path to bypass when verifying file permissions. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the R...
CVE-2023-32003
A vulnerability was found in NodeJS. This security issue occurs as fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API, and the impact is a malicious actor could create an arbitra...
MAL-2023-1076 Malicious code in wasabi-nodejs (npm)
Source: ghsa-malware (d1a47529c7afca95337513fc02161d3429f5b5e4fa1ff3f80484688148b152ec). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Node.js Security Vulnerabilities
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20, which stems from a vulnerability that allows an attacker to retrieve statistical information from restricted files using fs.statfs...
AlmaLinux 8 : nodejs:18 (ALSA-2023:4536)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4536 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interruption due to invalid Public Key information in x509...
Important: nodejs
Issue Overview: Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. (CVE-2022-25883) Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2...
nodejs: mainModule.proto bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition...
Moderate: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : nodejs:18 (RHSA-2023:4536)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4536 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 8 : nodejs:16 (RHSA-2023:4537)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4537 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
CVE-2023-31147 affecting package nodejs for versions less than 16.20.1-2
CVE-2023-31147 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2. A patched version of the package is available...
CVE-2023-31130 affecting package nodejs for versions less than 16.20.1-2
CVE-2023-31130 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2
CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2
CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2
CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2. An upgraded version of the package is available that resolves this issue...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update
Logging Subsystem 5.7.4 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
18 security, bug fix, and enhancement update
nodejs 1:18.16.1-1 - Rebase to 18.16.1 Resolves: rhbz2188292 rhbz2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2222285 nodejs-nodemon nodejs-packaging...
nodejs security, bug fix, and enhancement update
1:16.20.1-1 - Rebase to 16.20.1 Resolves: rhbz2188291 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2177781...