Lucene search
4344 matches found

OSV
added 2023/06/27 6:27 p.m., 7 views

SUSE-SU-2023:2663-1 Security update for nodejs16

This update for nodejs16 fixes the following issues:

Update to version 16.20.1:

- CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574).
- CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...

CVSS 7.5 | AI score 6.6 | EPSS 0.02122
Exploits: 1 | References: 20
OSV
added 2023/06/27 6:26 p.m., 6 views

SUSE-SU-2023:2662-1 Security update for nodejs18

This update for nodejs18 fixes the following issues:

Update to version 18.16.1:

- CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574).
- CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...

CVSS 7.5 | AI score 6.7 | EPSS 0.02122
Exploits: 2 | References: 22
Hacker One
added 2023/06/26 10:18 a.m., 53 views

Internet Bug Bounty: DiffieHellman doesn't generate keys after setting a key

A security vulnerability was discovered in the DiffieHellman module of Node.js. The module did not generate new keys after setting a private key, potentially leading to the reuse of nonces and compromising security measures such as forward secrecy and IND-CPA...

CVSS 7.5 | AI score 7.6 | EPSS 0.00954
Exploits: 0
Rockylinux
added 2023/06/24 6:53 p.m., 31 views

nodejs:18 security update

An update is available for module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform...

CVSS 7.5 | AI score 6.8 | EPSS 0.00343
Exploits: 0
NCSC
added 2023/06/22 12:0 a.m., 1 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; circumvention of security measure; increased user privileges. Node.js has released updates...

CVSS 7.7 | AI score 7.7 | EPSS 0.02122
Exploits: 1
Chainguard
added 2023/06/21 6:30 a.m., 21 views

GHSA-C2QF-RXJJ-QQGW vulnerabilities

Vulnerabilities for packages: nodejs...

AI score 7.3
Exploits: 0
Chainguard
added 2023/06/21 5:15 a.m., 32 views

CVE-2022-25883 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7 | EPSS 0.00598
Exploits: 1
OSV
added 2023/06/21 5:15 a.m., 0 views

AZL-27207 CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 7.5 | AI score 6.7 | EPSS 0.00598
Exploits: 1 | References: 1
OSV
added 2023/06/21 5:15 a.m., 2 views

AZL-27208 CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 7.5 | AI score 6.7 | EPSS 0.00598
Exploits: 1 | References: 1
Photon
added 2023/06/21 12:0 a.m., 77 views

Critical Photon OS Security Update - PHSA-2023-3.0-0602

Updates of 'syslinux', 'nodejs' packages of Photon OS have been released...

CVSS 8.8 | AI score 7 | EPSS 0.8222
Exploits: 18
CNNVD
added 2023/06/21 12:0 a.m., 4 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from a restriction that allows the use of a built-in inspector module to bypass flag settings...

CVSS 7.5 | AI score 7.5 | EPSS 0.00014
Exploits: 0 | References: 3
Veracode
added 2023/06/20 7:17 a.m., 20 views

Denial Of Service (DoS)

zxcvbn-ts password strength estimator is vulnerable to denial of service (DoS). The vulnerability is due to not restricting user supplied input to a maximum value. This leads to unbounded resource consumption resulting in a nodejs crash...

CVSS 7.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 3
Oracle linux
added 2023/06/15 12:0 a.m., 35 views

nodejs security update

1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 1:16.19.1-1 - Rebase to 16.19.1 - Resolves: rhbz2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-49...

CVSS 9.8 | AI score 7 | EPSS 0.86472
Exploits: 10
Tenable Nessus
added 2023/06/15 12:0 a.m., 27 views

AlmaLinux 9 : nodejs:18 (ALSA-2023:3577)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3577 advisory. c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067); c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130); c-ares: Insufficient randomness in...

CVSS 7.5 | AI score 6.3 | EPSS 0.00343
Exploits: 0 | References: 5
Tenable Nessus
added 2023/06/14 12:0 a.m., 28 views

RHEL 9 : nodejs (RHSA-2023:3586)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3586 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 7.5 | AI score 6.5 | EPSS 0.00343
Exploits: 0 | References: 10
OSV
added 2023/06/14 12:0 a.m., 32 views

ALSA-2023:3577 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067); c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130); c-ares: Insufficient...

CVSS 7.5 | AI score 7 | EPSS 0.00343
Exploits: 0 | References: 10
CBLMariner
added 2023/06/13 8:2 p.m., 21 views

CVE-2023-28155 affecting package nodejs 14.21.1-1

CVE-2023-28155 affecting package nodejs 14.21.1-1. A patched version of the package is available...

CVSS 6.1 | AI score 9.8 | EPSS 0.00557
Exploits: 1
Amazon
added 2023/06/12 12:0 a.m., 6 views

Medium: nodejs

Issue Overview: An untrusted search path vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges (CVE-2023-23920). Affected Packages: nodejs. Issue Correction: Run dnf update...

CVSS 4.2 | AI score 6.6 | EPSS 0.00082
Exploits: 0
Github Security Blog
added 2023/06/09 10:53 p.m., 16 views

Snowflake NodeJS Driver vulnerable to Command Injection

Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs. Impacted version range: before Version 1.6.21. Attack Scenario: In order to exploit the...

CVSS 8.8 | AI score 7.4 | EPSS 0.00554
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2023/06/09 10:53 p.m., 11 views

GHSA-H53W-7QW7-VH5C Snowflake NodeJS Driver vulnerable to Command Injection

Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs. Impacted version range: before Version 1.6.21. Attack Scenario: In order to exploit the...

CVSS 7.3 | AI score 8.3 | EPSS 0.00554
Exploits: 0 | References: 6