4327 matches found

Tenable Nessus
added 2023/05/03 12:0 a.m. | 25 views

Debian DSA-5395-1 : nodejs - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5395 advisory. An untrusted search path vulnerability was discovered in Node.js, which could result in unexpected searching or loading ICU data when running with elevated privileges. For...

4.2 CVSS | 6.3 AI score | 0.00082 EPSS
Exploits: 0 | References: 6
Huntr
added 2023/04/27 7:52 a.m. | 36 views

RCE in developer mode

Description Nuxt contains a test-component-wrapper component. This is used to mount a single component for testing. This component has a dynamic import function which accepts arbitrary user input on the server side. This pattern will almost always lead to an RCE bug. Requirements & Notes The serv...

7.5 CVSS | 6.9 AI score | 0.02134 EPSS
Exploits: 2 | References: 2
OSSF Malicious Packages
added 2023/04/26 5:12 a.m. | 3 views

Malicious code in nodejs-encrypt-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f59ac2ca2c204c22b2a5f11db9eef454f786803297f219aeb3e179dbe656ae07 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2023/04/26 5:12 a.m. | 2 views

Malicious code in nodejs-cookie-proxy-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 950519ee04e89711e7732a030f308fa4bbb8f2dfa48713ba1070bbaaaa32070c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 4
OSV
added 2023/04/26 5:12 a.m. | 4 views

MAL-2023-635 Malicious code in nodejs-cookie-proxy-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 950519ee04e89711e7732a030f308fa4bbb8f2dfa48713ba1070bbaaaa32070c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 4
Kitploit
added 2023/04/21 12:30 p.m. | 31 views

Striker - A Command And Control (C2)

Striker is a simple Command and Control (C2) program. Disclaimer This project is under active development. Most of the features are experimental, with more to come. Expect breaking changes. Features A Agents Native agents for linux and windows hosts. Self-contained, minimal python agent should you...

7.5 AI score
Exploits: 0 | References: 3
OSV
added 2023/04/20 6:59 a.m. | 4 views

SUSE-SU-2023:1924-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...

7.5 CVSS | 7.5 AI score | 0.00175 EPSS
Exploits: 1 | References: 3
OSV
added 2023/04/20 6:58 a.m. | 7 views

SUSE-SU-2023:1923-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...

7.5 CVSS | 7.5 AI score | 0.00175 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2023/04/15 12:0 a.m. | 31 views

CentOS 8 : nodejs:16 (CESA-2023:1582)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1582 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...

8.6 CVSS | 7 AI score | 0.00416 EPSS
Exploits: 5 | References: 9
RedHat Linux
added 2023/04/12 3:4 p.m. | 0 views

nodejs: Certificate Verification Bypass via String Injection

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...

5.3 CVSS | 7.2 AI score | 0.00132 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2023/04/12 3:4 p.m. | 0 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

7.4 CVSS | 7.3 AI score | 0.00076 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2023/04/12 3:4 p.m. | 2 views

nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CRLF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a...

6.5 CVSS | 7.5 AI score | 0.03694 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2023/04/12 3:4 p.m. | 2 views

nodejs-minimatch: ReDoS via the braceExpand function

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

7.5 CVSS | 7.1 AI score | 0.00476 EPSS
Exploits: 0 | References: 4
Kitploit
added 2023/04/12 12:30 p.m. | 42 views

QuadraInspect - Android Framework That Integrates AndroPass, APKUtil, And MobFS, Providing A Powerful Tool For Analyzing The Security Of Android Applications

The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile platform, the need for effective tools to assess its security has also increased. In response to this need, a ne...

7.5 AI score
Exploits: 0 | References: 3
Oracle linux
added 2023/04/12 12:0 a.m. | 41 views

nodejs:14 security, bug fix, and enhancement update

nodejs 1:14.21.3-1 - Rebase to 14.21.3 Resolves: rhbz2153712 Resolves: CVE-2022-25881 CVE-2023-23918 CVE-2023-23920 CVE-2022-38900 Resolves: CVE-2022-4904...

8.6 CVSS | 7 AI score | 0.00476 EPSS
Exploits: 4
NCSC
added 2023/04/11 12:0 a.m. | 2 views

Vulnerability fixed in Node.js vm2

A vulnerability has been fixed in vm2. vm2 is a package for Node.js and provides a sandbox environment for running untrusted code. The vulnerability allows a malicious party to break out of the sandbox and thus execute code on the system on which vm2 is running. The way the vulnerability can b...

10 CVSS | 7.4 AI score | 0.74958 EPSS
Exploits: 1
Rockylinux
added 2023/04/06 3:52 p.m. | 49 views

nodejs:18 security, bug fix, and enhancement update

An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS | 7.4 AI score | 0.00416 EPSS
Exploits: 3
CNNVD
added 2023/04/06 12:0 a.m. | 3 views

vm2 security vulnerability

vm2 is an advanced virtual machine/sandbox for Node.js, by individual developer Patrik Simek in the Czech Republic, used to run untrusted code using whitelisted Node built-in modules. A security vulnerability exists in vm2 versions prior to 3.9.15 that stems from vm2 not properly handling passed host...

10 CVSS | 8.6 AI score | 0.74958 EPSS
Exploits: 1 | References: 7
Oracle linux
added 2023/04/05 12:0 a.m. | 40 views

nodejs:16 security, bug fix, and enhancement update

nodejs 1:16.19.1-1 - Rebase to 16.19.1 Resolves: rhbz2153713 Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 Resolves: CVE-2022-25881 CVE-2022-4904 nodejs-nodemon 2.0.20-3 - Patch bundled glob-parent Resolves: CVE-2021-35065...

8.6 CVSS | 6.8 AI score | 0.00416 EPSS
Exploits: 5
Oracle linux
added 2023/04/05 12:0 a.m. | 44 views

nodejs:18 security, bug fix, and enhancement update

nodejs 1:18.14.2-2 - Provide simdutf 1:18.14.2-1 - Rebase to 18.14.2 - Resolves: 2178087 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920...

8.6 CVSS | 6.8 AI score | 0.00416 EPSS
Exploits: 5