RHSA-2022:8833: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function
  • CVE-2022-43548: nodejs: DNS rebinding in inspect via invalid octal IP address
Red Hat Security Data


Issued: 2022-12-06

Updated: 2022-12-06

RHSA-2022:8833 - Security Advisory


Synopsis

Moderate: nodejs:18 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate


Topic

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (18.12.1), nodejs-nodemon (2.0.20). (BZ#2142818)

Security Fix(es):

  • nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
  • nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function
  • BZ - 2140911 - CVE-2022-43548 nodejs: DNS rebinding in inspect via invalid octal IP address
  • BZ - 2142818 - nodejs:18/nodejs: Rebase to the latest Nodejs 18 release [rhel-8] [rhel-8.7.0.z]

Red Hat Enterprise Linux for x86_64 8

SRPM

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.src.rpm

SHA-256: 2ba6d20a4e72ecb7b5ce585f5f5c582335cff21b540af87c58d18eb6303083f5

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.src.rpm

SHA-256: 492ff6b18a2266bb4b415f70c76efa75b5f6fc44b88013cd480c9e8ab3ea59e8

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm

SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd

x86_64

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.x86_64.rpm

SHA-256: 049899443bac05c10b9493f8f34b77cd2a884c88e76b94b926dafcc7351e9af0

nodejs-debuginfo-18.12.1-2.module+el8.7.0+17306+fc023f99.x86_64.rpm

SHA-256: 385e3699ac455704efcb0b90e3391859b47ec5ab30323eca47de875b099cc529

nodejs-debugsource-18.12.1-2.module+el8.7.0+17306+fc023f99.x86_64.rpm

SHA-256: eb9eeb8419df42a65e1655bcc5240b0cd89f37c0e370108013037cf8d662e9d6

nodejs-devel-18.12.1-2.module+el8.7.0+17306+fc023f99.x86_64.rpm

SHA-256: 8a3289f003dcd9cf0ddd66924e68b80eea1f5021008b9e38dc289792579cb6cd

nodejs-docs-18.12.1-2.module+el8.7.0+17306+fc023f99.noarch.rpm

SHA-256: ce10f4e3504286155e35265cf331d38d13255155c89f741d4ed4352019497145

nodejs-full-i18n-18.12.1-2.module+el8.7.0+17306+fc023f99.x86_64.rpm

SHA-256: d1f1796bb9972ec8e00a0e712acd7a4d5fb82ca1bd0dcfd8341051449c421a33

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.noarch.rpm

SHA-256: 354b8acb590ec7aea5199b5037d22b5465cfe19bfd2f953cba939cf45261a2a9

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4

nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4

npm-8.19.2-1.18.12.1.2.module+el8.7.0+17306+fc023f99.x86_64.rpm

SHA-256: f75d3ac6879076e1e28b6e5f4a559c3f505654d1d2f91ecfcf6e35b49d32c362

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.src.rpm

SHA-256: 2ba6d20a4e72ecb7b5ce585f5f5c582335cff21b540af87c58d18eb6303083f5

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.src.rpm

SHA-256: 492ff6b18a2266bb4b415f70c76efa75b5f6fc44b88013cd480c9e8ab3ea59e8

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm

SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd

s390x

nodejs-docs-18.12.1-2.module+el8.7.0+17306+fc023f99.noarch.rpm

SHA-256: ce10f4e3504286155e35265cf331d38d13255155c89f741d4ed4352019497145

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.noarch.rpm

SHA-256: 354b8acb590ec7aea5199b5037d22b5465cfe19bfd2f953cba939cf45261a2a9

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4

nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.s390x.rpm

SHA-256: 06c9d7ec888464f89ec8cf11caf4cf44a2d7d01a47713528445c56fddb796140

nodejs-debuginfo-18.12.1-2.module+el8.7.0+17306+fc023f99.s390x.rpm

SHA-256: 40c0044453d02f8d3eec5f8fd88db08a04c15f0059a6d79a8e07241001facb27

nodejs-debugsource-18.12.1-2.module+el8.7.0+17306+fc023f99.s390x.rpm

SHA-256: 7ec3b2d4d0827eb7a33251929666e44a6ca39370b463509283b52c6b4e328400

nodejs-devel-18.12.1-2.module+el8.7.0+17306+fc023f99.s390x.rpm

SHA-256: 23811309b43074f1bdc93edb3832b9bde43f495ec582027e79265ed968e13812

nodejs-full-i18n-18.12.1-2.module+el8.7.0+17306+fc023f99.s390x.rpm

SHA-256: 229947748ef93f2024f854e773ded2d98ce948f904fcc97d532e55d30552d413

npm-8.19.2-1.18.12.1.2.module+el8.7.0+17306+fc023f99.s390x.rpm

SHA-256: 90011c3a0f6afec48a5b3fd4888b28df49906239e4624c9d7ecc2a0d74609405

Red Hat Enterprise Linux for Power, little endian 8

SRPM

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.src.rpm

SHA-256: 2ba6d20a4e72ecb7b5ce585f5f5c582335cff21b540af87c58d18eb6303083f5

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.src.rpm

SHA-256: 492ff6b18a2266bb4b415f70c76efa75b5f6fc44b88013cd480c9e8ab3ea59e8

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm

SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd

ppc64le

nodejs-docs-18.12.1-2.module+el8.7.0+17306+fc023f99.noarch.rpm

SHA-256: ce10f4e3504286155e35265cf331d38d13255155c89f741d4ed4352019497145

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.noarch.rpm

SHA-256: 354b8acb590ec7aea5199b5037d22b5465cfe19bfd2f953cba939cf45261a2a9

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4

nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.ppc64le.rpm

SHA-256: d770ee06b2739bd026551d37830422e8b97b375336ff2bc8166631b818801b41

nodejs-debuginfo-18.12.1-2.module+el8.7.0+17306+fc023f99.ppc64le.rpm

SHA-256: 625bd38d00448a2d8f16448cd1b4b75cad845364079813d5b31d3cd50e47f5b3

nodejs-debugsource-18.12.1-2.module+el8.7.0+17306+fc023f99.ppc64le.rpm

SHA-256: b4de223304474cd9347c49a7dc729506368e94ed58d0ed2e3b9aa7ef60ec79e7

nodejs-devel-18.12.1-2.module+el8.7.0+17306+fc023f99.ppc64le.rpm

SHA-256: 4de1d68e50fbf9eae7cccfa94ad6f75a880192a749ee481d3fbef17e7597ec8a

nodejs-full-i18n-18.12.1-2.module+el8.7.0+17306+fc023f99.ppc64le.rpm

SHA-256: ffd8883e0bd8dad69aace89f5c64ad45e5becb7a881cc7c17e73781081258aba

npm-8.19.2-1.18.12.1.2.module+el8.7.0+17306+fc023f99.ppc64le.rpm

SHA-256: 2f01cc11286accf328d558db29ff5cef4b3cf94ad456d13228a28791c2fa3e6e

Red Hat Enterprise Linux for ARM 64 8

SRPM

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.src.rpm

SHA-256: 2ba6d20a4e72ecb7b5ce585f5f5c582335cff21b540af87c58d18eb6303083f5

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.src.rpm

SHA-256: 492ff6b18a2266bb4b415f70c76efa75b5f6fc44b88013cd480c9e8ab3ea59e8

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm

SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd

aarch64

nodejs-docs-18.12.1-2.module+el8.7.0+17306+fc023f99.noarch.rpm

SHA-256: ce10f4e3504286155e35265cf331d38d13255155c89f741d4ed4352019497145

nodejs-nodemon-2.0.20-1.module+el8.7.0+17282+f47dd33b.noarch.rpm

SHA-256: 354b8acb590ec7aea5199b5037d22b5465cfe19bfd2f953cba939cf45261a2a9

nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4

nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4

nodejs-18.12.1-2.module+el8.7.0+17306+fc023f99.aarch64.rpm

SHA-256: 08017401e132d7e44e5b548feedd22815a068eff8147992522d5a89464f500bc

nodejs-debuginfo-18.12.1-2.module+el8.7.0+17306+fc023f99.aarch64.rpm

SHA-256: 6e21683d7dacce90ad10c551aa71365fd307d864ff64916146c367f587f2d1c9

nodejs-debugsource-18.12.1-2.module+el8.7.0+17306+fc023f99.aarch64.rpm

SHA-256: 1c34bbfc106c113c76cceae5f82b8070c4633a608f0fd330fa078a3bce8216a3

nodejs-devel-18.12.1-2.module+el8.7.0+17306+fc023f99.aarch64.rpm

SHA-256: ac6636f4fa60d2684b8d03bc880398d3bd1fb8c9a4000e9d835951567d1afc0f

nodejs-full-i18n-18.12.1-2.module+el8.7.0+17306+fc023f99.aarch64.rpm

SHA-256: 45f72cc21dc64b79e243ce3b5156112ba08b22b798fab5ab8712a87acbf05c0a

npm-8.19.2-1.18.12.1.2.module+el8.7.0+17306+fc023f99.aarch64.rpm

SHA-256: 07cdf3f0b05dc45c44c21a5fb8f1a7f2c141857aba38b89631bdd43a6c49b590
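As an added check (not Red Hat's tooling and not part of the advisory), the script below compares the nodejs, nodejs-nodemon and npm builds installed on a RHEL 8 host against the version-release strings from the package list above, using a Python port of rpm's version-comparison algorithm so that modular release strings such as 2.module+el8.7.0+17306+fc023f99 are ordered the way rpm and dnf order them. It assumes rpm is on PATH for the live query and ignores the package epoch, which the advisory's package list does not show.

```python
import shutil
import string
import subprocess

# Fixed version-release per package, copied from the advisory's package list
# above (x86_64/noarch builds); the rpm epoch is ignored in this comparison.
FIXED_VR = {
    "nodejs": "18.12.1-2.module+el8.7.0+17306+fc023f99",
    "nodejs-nodemon": "2.0.20-1.module+el8.7.0+17282+f47dd33b",
    "npm": "8.19.2-1.18.12.1.2.module+el8.7.0+17306+fc023f99",
}

_DIGITS = set(string.digits)
_ALPHA = set(string.ascii_letters)
_SIGNIFICANT = _DIGITS | _ALPHA | {"~", "^"}


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): alternating numeric/alpha segments, separators
    ignored, '~' sorts below everything, '^' above its base. Returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _SIGNIFICANT:   # skip '.', '+', '_' ...
            i += 1
        while j < len(b) and b[j] not in _SIGNIFICANT:
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":                       # pre-release marker
            if ca != "~" or cb != "~":
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":                       # post-release marker
            if not ca or not cb:
                return -1 if not ca else 1
            if ca != "^" or cb != "^":
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca in _DIGITS
        kind = _DIGITS if isnum else _ALPHA
        si, sj = i, j
        while i < len(a) and a[i] in kind:
            i += 1
        while j < len(b) and b[j] in kind:
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:                                    # numeric beats alpha
            return 1 if isnum else -1
        if isnum:                                        # compare without leading zeros
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1                      # leftover segments win


def vr_cmp(installed: str, fixed: str) -> int:
    """Order two 'version-release' strings the way rpm and dnf do."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def is_patched(pkg: str, installed_vr: str) -> bool:
    """True when the installed build is at or above the build shipped in RHSA-2022:8833."""
    return vr_cmp(installed_vr, FIXED_VR[pkg]) >= 0


def query_installed(pkg: str):
    """Ask rpm for the installed version-release; None if rpm or the package is absent."""
    if shutil.which("rpm") is None:
        return None
    r = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", pkg],
                       capture_output=True, text=True)
    return r.stdout.strip() if r.returncode == 0 else None


if __name__ == "__main__":
    for name in FIXED_VR:
        vr = query_installed(name)
        state = "not installed / rpm unavailable" if vr is None else (
            "patched" if is_patched(name, vr) else "NEEDS UPDATE")
        print(f"{name}: {vr or '-'} -> {state}")
```

Run it on the host itself or feed `rpm -q --qf '%{VERSION}-%{RELEASE}' nodejs` output from an inventory export into is_patched() to check fleets offline.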

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Ubuntu Security Notice USN-6086-1

Ubuntu Security Notice 6086-1 - It was discovered that minimatch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-1743-01

Red Hat Security Advisory 2023-1743-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

RHSA-2023:1742: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44531: A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry...

RHSA-2023:1743: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2022-3517: A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) whe...

RHSA-2023:1533: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to tr...

RHSA-2023:0612: Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update

An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker t...

Red Hat Security Advisory 2023-0471-01

Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.

RHSA-2023:0471: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-25914: jib-core: RCE via the isDockerInstalled * CVE-2022-37603: loader-utils: Regular expression denial of service * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays * CVE-2022...

Debian Security Advisory 5326-1

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

RHSA-2023:0321: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44906: minimist: prototype pollution * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields * CVE-2022-43548: nodejs: DNS rebinding in inspect via invalid octal IP address

Red Hat Security Advisory 2023-0050-01

Red Hat Security Advisory 2023-0050-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

RHSA-2023:0050: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44906: minimist: prototype pollution * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-24999: express: "qs" prototype poisoning causes the hang of the node process * CVE-2022-43548: nodejs: DNS rebinding in inspect via inva...

Red Hat Security Advisory 2022-9073-01

Red Hat Security Advisory 2022-9073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

RHSA-2022:9073: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2021-44906: minimist: prototype pollution * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand fu...

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8832-01

Red Hat Security Advisory 2022-8832-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8833-01

Red Hat Security Advisory 2022-8833-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

RHSA-2022:8832: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-43548: nodejs: DNS rebinding in inspect via invalid octal IP address

CVE-2022-43548: Nov 3 2022 Security Releases | Node.js

An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.

CVE-2022-3517: PRISMA-2022-0039 - High vulnerability · Issue #329 · grafana/grafana-image-renderer

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

CVE-2022-0564: Qlik Sense Enterprise on Windows Release notes - November 2021 Initial Release to Patch 16

A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.