
4327 matches found

ATTACKERKB
added 2023/03/16 3:15 p.m. | views: 1

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 6.1 | AI score 6.7 | EPSS 0.00557
Exploits: 1 | References: 5
Chainguard
added 2023/03/16 3:15 p.m. | views: 32

CVE-2023-28155 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, kubeflow-pipelines, opensearch-dashboards...

CVSS 6.1 | AI score 6.6 | EPSS 0.00557
Exploits: 1
OSV
added 2023/03/15 7:17 a.m. | views: 8

SUSE-SU-2023:0738-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...

CVSS 7.5 | AI score 6.3 | EPSS 0.00337
Exploits: 2 | References: 11
Microsoft Malware Protection
added 2023/03/13 4:0 p.m. | views: 97

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit

Adversary-in-the-middle (AiTM) phishing kits are part of an increasing trend that is observed supplanting many other less advanced forms of phishing. AiTM phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality. DEV-1101 is an actor tracked by Microso...

AI score 7.2
Exploits: 0
OSV
added 2023/03/13 9:58 a.m. | views: 6

SUSE-SU-2023:0715-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...

CVSS 7.5 | AI score 6.3 | EPSS 0.00337
Exploits: 2 | References: 11
OSV
added 2023/03/08 1:28 p.m. | views: 8

SUSE-SU-2023:0673-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...

CVSS 7.5 | AI score 6.3 | EPSS 0.00337
Exploits: 2 | References: 12
Photon
added 2023/03/07 12:0 a.m. | views: 32

Critical Photon OS Security Update - PHSA-2023-3.0-0545

Updates of 'nodejs', 'curl', 'containerd', 'haproxy' packages of Photon OS have been released...

CVSS 9.1 | AI score 6.9 | EPSS 0.17535
Exploits: 3
OSV
added 2023/03/06 11:15 p.m. | views: 2

AZL-13827 CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

CVSS 8.6 | AI score 7.1 | EPSS 0.00161
Exploits: 1 | References: 1
OSV
added 2023/03/03 11:3 a.m. | views: 6

SUSE-SU-2023:0609-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...

CVSS 7.5 | AI score 6.3 | EPSS 0.00337
Exploits: 2 | References: 12
OSV
added 2023/03/03 11:3 a.m. | views: 8

SUSE-SU-2023:0608-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...

CVSS 7.5 | AI score 6.3 | EPSS 0.00337
Exploits: 2 | References: 12
RedHat Linux
added 2023/03/01 9:58 p.m. | views: 3

Adapter: Open redirect vulnerability in checkSSO

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function...

CVSS 6.1 | AI score 5.7 | EPSS 0.0017
Exploits: 0 | References: 4
Hacker One
added 2023/02/28 4:49 a.m. | views: 43

Internet Bug Bounty: Inadequate Encryption Strength in nodejs-current reads openssl.cnf from /home/iojs/build/... upon startup on MacOS

A cryptographic vulnerability was found in nodejs-current that allowed openssl.cnf to be read from an insecure location upon startup on MacOS, potentially exposing encryption keys or certificates...

CVSS 5.3 | AI score 6 | EPSS 0.0062
Exploits: 1
OSV
added 2023/02/26 12:0 a.m. | views: 32

DLA-3344-1 nodejs - security update

Bulletin has no description...

CVSS 8.1 | AI score 6.8 | EPSS 0.00565
Exploits: 0
OSV
added 2023/02/23 8:15 p.m. | views: 0

ALPINE-CVE-2023-23920

An untrusted search path vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

CVSS 4.2 | AI score 6.9 | EPSS 0.00082
Exploits: 0 | References: 1
OSV
added 2023/02/23 8:15 p.m. | views: 1

AZL-13776 CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using process.mainModule.require. This only...

CVSS 7.5 | AI score 6.9 | EPSS 0.0002
Exploits: 0 | References: 1
OSV
added 2023/02/23 8:15 p.m. | views: 0

DEBIAN-CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

CVSS 7.5 | AI score 6.9 | EPSS 0.00319
Exploits: 1 | References: 1
OSV
added 2023/02/23 8:15 p.m. | views: 0

UBUNTU-CVE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

CVSS 7.5 | AI score 7 | EPSS 0.00319
Exploits: 1 | References: 7
OSV
added 2023/02/23 8:15 p.m. | views: 0

UBUNTU-CVE-2023-23920

An untrusted search path vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

CVSS 4.2 | AI score 6.7 | EPSS 0.00082
Exploits: 0 | References: 6
F5 Networks
added 2023/02/21 8:2 p.m. | views: 43

K75532331: iRulesLX debug NodeJS vulnerability CVE-2019-6644

Security Advisory Description Similar to the issue identified in CVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. CVE-2019-6644 Impac...

CVSS 9.4 | AI score 8.1 | EPSS 0.00789
Exploits: 0 | Affected Software: 13
F5 Networks
added 2023/02/21 8:1 p.m. | views: 68

K15311661: NodeJS vulnerability CVE-2016-2086

Security Advisory Description Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 Impact An attacker may be able to perform HTTP reques...

CVSS 7.5 | AI score 8.7 | EPSS 0.00482
Exploits: 0 | Affected Software: 14