Headline
RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
- CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
- CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
- CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
- CVE-2022-33987: got: missing verification of requested URLs allows redirects to UNIX sockets
Synopsis
Moderate: nodejs:14 security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
- nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
- nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
- nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
- got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- nodejs:14/nodejs: rebase to latest upstream release (BZ#2106367)
- nodejs:14/nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2111417)
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets
- BZ - 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
- BZ - 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
- BZ - 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
- BZ - 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
- BZ - 2106367 - nodejs:14/nodejs: rebase to latest upstream release [rhel-8.6.0.z]
CVEs
- CVE-2022-32212
- CVE-2022-32213
- CVE-2022-32214
- CVE-2022-32215
- CVE-2022-33987
Red Hat Enterprise Linux for x86_64 8
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
x86_64
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
x86_64
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
x86_64
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
s390x
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: c6b898ca0a72f0b4cf4db3d72ed069b0f8aefe854a829fcbde8c232b88cf1a6d
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: a3daadabad927658e4fd0a50bea210a0af74c0224433fa48998b85f264309d31
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 8b5571896e669fe9b66fd8a80010b5066aa55bb4460663694d475f4aa03abf41
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 81cb52c4e9c196dc5d57d2f79afd327cafde81e0a3f9ca5bdfedc2351b0391c1
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 5e692d82772f164f995f702fdab71f13e4f4c6bf872ccadd0d592b8aef40c9f0
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 373edac8075cb62b72d5c87685ddaa211e88207f43944dd546feb7c5ed415aec
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
s390x
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: c6b898ca0a72f0b4cf4db3d72ed069b0f8aefe854a829fcbde8c232b88cf1a6d
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: a3daadabad927658e4fd0a50bea210a0af74c0224433fa48998b85f264309d31
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 8b5571896e669fe9b66fd8a80010b5066aa55bb4460663694d475f4aa03abf41
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 81cb52c4e9c196dc5d57d2f79afd327cafde81e0a3f9ca5bdfedc2351b0391c1
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 5e692d82772f164f995f702fdab71f13e4f4c6bf872ccadd0d592b8aef40c9f0
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.s390x.rpm
SHA-256: 373edac8075cb62b72d5c87685ddaa211e88207f43944dd546feb7c5ed415aec
Red Hat Enterprise Linux for Power, little endian 8
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
ppc64le
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: 45d25d70bb34ddca9e03b62c31b01e413ba4999939e78d1369a6c0d1d992f1e8
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: b4584286c1daca4e18e5dd8201ff1e593eca92f735e20a9bd13d5a5ca83d5da9
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: db8c85b883d553ad7f22f3af164d3ae10c9b855b8930f37182eb41da7489d267
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: b992123c22962f3d812eb21f77dcc178b630c38e10b2480c7028814892c28abc
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: c3d96b6feefc420a42fb6cb597a23a47e754622be0cdbe1cac6f1773076eeb6a
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: bb4d2a0be17912c3c9689ed4af6e8f6061f5627fb1688acc32e8a61edafb6c23
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
ppc64le
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: 45d25d70bb34ddca9e03b62c31b01e413ba4999939e78d1369a6c0d1d992f1e8
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: b4584286c1daca4e18e5dd8201ff1e593eca92f735e20a9bd13d5a5ca83d5da9
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: db8c85b883d553ad7f22f3af164d3ae10c9b855b8930f37182eb41da7489d267
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: b992123c22962f3d812eb21f77dcc178b630c38e10b2480c7028814892c28abc
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: c3d96b6feefc420a42fb6cb597a23a47e754622be0cdbe1cac6f1773076eeb6a
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: bb4d2a0be17912c3c9689ed4af6e8f6061f5627fb1688acc32e8a61edafb6c23
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
x86_64
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799
Red Hat Enterprise Linux for ARM 64 8
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
aarch64
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 8efa10a873f75b6fe0e42ab9f0a1b99bcd51127f6bbb33c84c6c273b20ed6ebb
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: d3e397f19c43804fbd903090084b4c32872ea46edf33d80117e9bb798e10d83e
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 584eee2b72ce0870bb35ad35168bf9a2eec0e41ae6b83dc454ba3aa483d41715
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 0e2f0a67ebd94f2f3e3ea279cacce9b5e6446c351012fc318cbc18faa520709c
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 5d55b4bbbc64980d6878acf46176523ac485a42acc69a22041a03364db3298da
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 137b84c57e64db0020c4881907bfc264133debf3befe1dac59fffc389b3014d9
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
aarch64
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 8efa10a873f75b6fe0e42ab9f0a1b99bcd51127f6bbb33c84c6c273b20ed6ebb
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: d3e397f19c43804fbd903090084b4c32872ea46edf33d80117e9bb798e10d83e
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 584eee2b72ce0870bb35ad35168bf9a2eec0e41ae6b83dc454ba3aa483d41715
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 0e2f0a67ebd94f2f3e3ea279cacce9b5e6446c351012fc318cbc18faa520709c
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 5d55b4bbbc64980d6878acf46176523ac485a42acc69a22041a03364db3298da
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm
SHA-256: 137b84c57e64db0020c4881907bfc264133debf3befe1dac59fffc389b3014d9
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
ppc64le
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: 45d25d70bb34ddca9e03b62c31b01e413ba4999939e78d1369a6c0d1d992f1e8
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: b4584286c1daca4e18e5dd8201ff1e593eca92f735e20a9bd13d5a5ca83d5da9
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: db8c85b883d553ad7f22f3af164d3ae10c9b855b8930f37182eb41da7489d267
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: b992123c22962f3d812eb21f77dcc178b630c38e10b2480c7028814892c28abc
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: c3d96b6feefc420a42fb6cb597a23a47e754622be0cdbe1cac6f1773076eeb6a
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm
SHA-256: bb4d2a0be17912c3c9689ed4af6e8f6061f5627fb1688acc32e8a61edafb6c23
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm
SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm
SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709
x86_64
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm
SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm
SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm
SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799
Related news
Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrec...
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...
Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to inc...
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
All security issues have been patched – update now
All security issues have been patched – update now
All security issues have been patched – update now
All security issues have been patched – update now
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.