Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • CVE-2022-33987: got: missing verification of requested URLs allows redirects to UNIX sockets
Red Hat Security Data
#vulnerability#linux#red_hat#nodejs#js#java#ibm#sap

Synopsis

Moderate: nodejs:14 security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
  • nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
  • nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
  • nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
  • got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • nodejs:14/nodejs: rebase to latest upstream release (BZ#2106367)
  • nodejs:14/nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2111417)

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets
  • BZ - 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
  • BZ - 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • BZ - 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
  • BZ - 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • BZ - 2106367 - nodejs:14/nodejs: rebase to latest upstream release [rhel-8.6.0.z]

CVEs

  • CVE-2022-32212
  • CVE-2022-32213
  • CVE-2022-32214
  • CVE-2022-32215
  • CVE-2022-33987

Red Hat Enterprise Linux for x86_64 8

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

x86_64

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

x86_64

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

x86_64

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

s390x

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: c6b898ca0a72f0b4cf4db3d72ed069b0f8aefe854a829fcbde8c232b88cf1a6d

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: a3daadabad927658e4fd0a50bea210a0af74c0224433fa48998b85f264309d31

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 8b5571896e669fe9b66fd8a80010b5066aa55bb4460663694d475f4aa03abf41

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 81cb52c4e9c196dc5d57d2f79afd327cafde81e0a3f9ca5bdfedc2351b0391c1

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 5e692d82772f164f995f702fdab71f13e4f4c6bf872ccadd0d592b8aef40c9f0

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 373edac8075cb62b72d5c87685ddaa211e88207f43944dd546feb7c5ed415aec

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

s390x

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: c6b898ca0a72f0b4cf4db3d72ed069b0f8aefe854a829fcbde8c232b88cf1a6d

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: a3daadabad927658e4fd0a50bea210a0af74c0224433fa48998b85f264309d31

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 8b5571896e669fe9b66fd8a80010b5066aa55bb4460663694d475f4aa03abf41

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 81cb52c4e9c196dc5d57d2f79afd327cafde81e0a3f9ca5bdfedc2351b0391c1

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 5e692d82772f164f995f702fdab71f13e4f4c6bf872ccadd0d592b8aef40c9f0

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

SHA-256: 373edac8075cb62b72d5c87685ddaa211e88207f43944dd546feb7c5ed415aec

Red Hat Enterprise Linux for Power, little endian 8

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

ppc64le

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: 45d25d70bb34ddca9e03b62c31b01e413ba4999939e78d1369a6c0d1d992f1e8

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: b4584286c1daca4e18e5dd8201ff1e593eca92f735e20a9bd13d5a5ca83d5da9

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: db8c85b883d553ad7f22f3af164d3ae10c9b855b8930f37182eb41da7489d267

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: b992123c22962f3d812eb21f77dcc178b630c38e10b2480c7028814892c28abc

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: c3d96b6feefc420a42fb6cb597a23a47e754622be0cdbe1cac6f1773076eeb6a

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: bb4d2a0be17912c3c9689ed4af6e8f6061f5627fb1688acc32e8a61edafb6c23

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

ppc64le

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: 45d25d70bb34ddca9e03b62c31b01e413ba4999939e78d1369a6c0d1d992f1e8

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: b4584286c1daca4e18e5dd8201ff1e593eca92f735e20a9bd13d5a5ca83d5da9

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: db8c85b883d553ad7f22f3af164d3ae10c9b855b8930f37182eb41da7489d267

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: b992123c22962f3d812eb21f77dcc178b630c38e10b2480c7028814892c28abc

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: c3d96b6feefc420a42fb6cb597a23a47e754622be0cdbe1cac6f1773076eeb6a

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: bb4d2a0be17912c3c9689ed4af6e8f6061f5627fb1688acc32e8a61edafb6c23

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

x86_64

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799

Red Hat Enterprise Linux for ARM 64 8

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

aarch64

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 8efa10a873f75b6fe0e42ab9f0a1b99bcd51127f6bbb33c84c6c273b20ed6ebb

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: d3e397f19c43804fbd903090084b4c32872ea46edf33d80117e9bb798e10d83e

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 584eee2b72ce0870bb35ad35168bf9a2eec0e41ae6b83dc454ba3aa483d41715

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 0e2f0a67ebd94f2f3e3ea279cacce9b5e6446c351012fc318cbc18faa520709c

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 5d55b4bbbc64980d6878acf46176523ac485a42acc69a22041a03364db3298da

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 137b84c57e64db0020c4881907bfc264133debf3befe1dac59fffc389b3014d9

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

aarch64

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 8efa10a873f75b6fe0e42ab9f0a1b99bcd51127f6bbb33c84c6c273b20ed6ebb

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: d3e397f19c43804fbd903090084b4c32872ea46edf33d80117e9bb798e10d83e

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 584eee2b72ce0870bb35ad35168bf9a2eec0e41ae6b83dc454ba3aa483d41715

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 0e2f0a67ebd94f2f3e3ea279cacce9b5e6446c351012fc318cbc18faa520709c

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 5d55b4bbbc64980d6878acf46176523ac485a42acc69a22041a03364db3298da

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

SHA-256: 137b84c57e64db0020c4881907bfc264133debf3befe1dac59fffc389b3014d9

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

ppc64le

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: 45d25d70bb34ddca9e03b62c31b01e413ba4999939e78d1369a6c0d1d992f1e8

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: b4584286c1daca4e18e5dd8201ff1e593eca92f735e20a9bd13d5a5ca83d5da9

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: db8c85b883d553ad7f22f3af164d3ae10c9b855b8930f37182eb41da7489d267

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: b992123c22962f3d812eb21f77dcc178b630c38e10b2480c7028814892c28abc

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: c3d96b6feefc420a42fb6cb597a23a47e754622be0cdbe1cac6f1773076eeb6a

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

SHA-256: bb4d2a0be17912c3c9689ed4af6e8f6061f5627fb1688acc32e8a61edafb6c23

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 7809effb71956fcc6cb7be2bd7da2fabed7511c10eae353c8396579fb71060f4

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm

SHA-256: 231bd757dcc72f6955a979eb8f0c4da3536eaa1224919988bd93de213423de6c

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

SHA-256: 550d2f0197e4e69e9cfba813170d0fab3911749327f0c30db022424702287709

x86_64

nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: c343405a3de971507356aab40b893cbd620c83a4d09c2354618f84be4eb8a66b

nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm

SHA-256: ced099df5aa2f0d10a243ba59dff312b40fe4cb28fd7aa12cb2019214bbe0878

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

SHA-256: d0ffb55491051b33ed7a0c9d1dfeb65ef76f367c9df1065140d0fa830091b169

nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 5917c896b5daa7c7fa41f38a836fe235c27e8bacf2b74b5cf32d88dcfab0fc7f

nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 7660218de67aaa757e266f775f21aab9cf278ffc394c898de8d8bc9e715a453d

nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: a34a1702f7cde050e18a4de4e2953a819696a04a10d02292ddf25783e5e8c303

nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: b1e7d46f84200098cc8cfe020cdec1567c17c0322301ccfd7c457a64fa336ac9

nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: cb8db59972ae4cbe96c279cb6092cc75673e5e3b195be1c8713e21c0be0c5644

npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

SHA-256: 9c7702cf0f257ee17e74154dd53961befccda7c798dbefc89c5c0d23b437f799

Related news

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Debian Security Advisory 5326-1

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Red Hat Security Advisory 2022-6985-01

Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

RHSA-2022:6985: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrec...

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

RHSA-2022:6389: Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update

An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to inc...

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32212: CVE - CVE-2018-7160

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32214

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket

The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.