CVE-2023-26136 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-CGGH-PQ45-6H9X vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30589 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30589 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30586 vulnerabilities
Vulnerabilities for packages: nodejs...
AZL-27279 CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...
CVE-2023-30586 vulnerabilities
Vulnerabilities for packages: nodejs...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from loading an arbitrary OpenSSL engine when enabling an experimental privilege model, which can bypass and/or disable the privilege model...
Critical Photon OS Security Update - PHSA-2023-4.0-0417
Updates of 'docker-compose', 'samba-client', 'binutils', 'libXi', 'libtiff', 'binutils-aarch64-linux-gnu', 'protobuf', 'ntp', 'nodejs', 'bindutils', 'kube-bench', 'libarchive' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2023-5.0-0041
Updates of 'openssl', 'telegraf', 'dnsmasq', 'nodejs' packages of Photon OS have been released...
SUSE-SU-2023:2663-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...
SUSE-SU-2023:2662-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to version 18.16.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...
Internet Bug Bounty: DiffieHellman doesn't generate keys after setting a key
A security vulnerability was discovered in the DiffieHellman module of Node.js. The module did not generate new keys after setting a private key, potentially leading to the reuse of nonces and compromising security measures such as forward secrecy and IND-CPA...
nodejs:18 security update
An update is available for module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; circumvention of security measure; increased user privileges. Node.js has released updates...
GHSA-C2QF-RXJJ-QQGW vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2022-25883 vulnerabilities
Vulnerabilities for packages: nodejs...
AZL-27207 CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
AZL-27208 CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
Critical Photon OS Security Update - PHSA-2023-3.0-0602
Updates of 'syslinux', 'nodejs' packages of Photon OS have been released...