4327 matches found
ALSA-2023:0321 Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: minimist: prototype pollution...
RHEL 7 : rh-nodejs10-nodejs (RHSA-2020:0597)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0597 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: minimist: prototype pollution...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5086)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5086 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
46c-sector (>=1.0.0 <=1.2.1), @aatishgh/antora_site_generator_lunr_custom (>=0.4.0 <=0.4.3) +430 more potentially affected by CVE-2023-0163 via convict (>=0.0.6 <=6.2.3)
convict NPM version =0.0.6, =1.0.0, =0.4.0, =0.0.1, =0.0.2, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =0.0.1, =1.0.0, =0.0.1, =2.1.0, =2.0.0, =3.0.2 and more Source cves: CVE-2023-0163 Source advisory: OSV:GHSA-4JRM-C32X-W4JF...
AlmaLinux 8 : nodejs:14 (ALSA-2023:0050)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0050 advisory. minimist: prototype pollution (CVE-2021-44906); node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235); nodejs-minimatch: ReDoS...
nodejs: DNS rebinding in inspect via invalid octal IP address
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...
nodejs-minimatch: ReDoS via the braceExpand function
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...
Oracle Linux 8 : nodejs:14 (ELSA-2023-0050)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0050 advisory. - Apply upstream fix for CVE-2022-24999 Resolves: CVE-2022-24999 - Record CVEs fixed by current or previous upstream releases Resolves: CVE-2021-44906...
nodejs:14 security, bug fix, and enhancement update
nodejs 1:14.21.1-2 - Apply upstream fix for CVE-2022-24999 Resolves: CVE-2022-24999 - Record CVEs fixed by current or previous upstream releases Resolves: CVE-2021-44906 1:14.21.1-1 - Rebase to version 14.21.1 Resolves: rhbz2129805 CVE-2022-43548 CVE-2022-3517...
RHEL 8 : nodejs:14 (RHSA-2023:0050)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0050 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
AZL-43849 CVE-2017-20162 affecting package nodejs-nodemon 2.0.3-4
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
CVE-2022-35256 affecting package nodejs 14.20.1-2
CVE-2022-35256 affecting package nodejs 14.20.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-43548 affecting package nodejs 14.20.1-2
CVE-2022-43548 affecting package nodejs 14.20.1-2. An upgraded version of the package is available that resolves this issue...
K82567234: NodeJS vulnerability CVE-2022-32215
Security Advisory Description: The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). CVE-2022-32215 Impact: There is no impact; F5 products are not affected b...
UBUNTU-CVE-2021-35065
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4028 more potentially affected by CVE-2022-25893 via vm2 (>=1.0.1 <=3.9.1)
vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.23.0-alpha.1 and more Source cves: CVE-2022-25893 Source advisory: OSV:GHSA-4W2J-2RG4-5MJW...
CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2
CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2. An upgraded version of the package is available that resolves this issue...
63pokupki-nodejs-common (=0.0.2), 7ghost (>=4.11.0 <=4.11.46) +3043 more potentially affected by CVE-2016-20018 via knex (>=0.10.0 <=2.3.0)
knex NPM version =0.10.0, =4.11.0, =1.0.0, =1.0.0, =0.0.2, =1.0.0, =0.0.1, =0.0.2, =1.0.2, =0.0.2, =0.0.1, =0.6.0, =2.1.0 and more Source cves: CVE-2016-20018 Source advisory: OSV:GHSA-4JV9-3563-23J3...
RHEL 8 : nodejs:16 (RHSA-2022:9073)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:9073 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...