Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:6389: Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update

An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • CVE-2022-33987: got: missing verification of requested URLs allows redirects to UNIX sockets
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-09-08

Updated:

2022-09-08

RHSA-2022:6389 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.20.0).

Security Fix(es):

  • nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
  • nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
  • nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
  • nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
  • got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets
  • BZ - 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
  • BZ - 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • BZ - 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
  • BZ - 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • BZ - 2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]

CVEs

  • CVE-2022-32212
  • CVE-2022-32213
  • CVE-2022-32214
  • CVE-2022-32215
  • CVE-2022-33987

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM

rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm

SHA-256: 35f6715bdb3d8485918c51eee76f4d1e43d22cbbbc521240996d9ac06ac5397d

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm

SHA-256: 2fe527f218a0db606bb47ecf1488e93a466c809cae20e640dfa6bd30e0f261a1

x86_64

rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm

SHA-256: 183bf341228b25d5b820a7af729af7413ec0fe6f4b8a6d6f6541e86b21681777

rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm

SHA-256: 560fa9ae7417010406efb1a38bcac3f3467a9f0ee3a33170bd51dd81158dcbb8

rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm

SHA-256: 81b93e85e91d5b85b4cdbaf590623c6be78dc87f8c51406777ef95c2a64386ce

rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm

SHA-256: 2b14e62e080b9744a3c952ce867b1354a68e728c5646c2716ddbec13b024d58f

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm

SHA-256: 99f90e853016083b964fb782368fdf4049f86b705032e9f9d6d1e37cbb2a507e

rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm

SHA-256: efdb5443bc856adebd7c62b3caabd28dfdeb4c78dd43e04dad69e1bf49226412

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM

rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm

SHA-256: 35f6715bdb3d8485918c51eee76f4d1e43d22cbbbc521240996d9ac06ac5397d

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm

SHA-256: 2fe527f218a0db606bb47ecf1488e93a466c809cae20e640dfa6bd30e0f261a1

s390x

rh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm

SHA-256: 490569d79beecab5d01c60fe7e082fe5e816757540c827c15ea46a69eafc701d

rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm

SHA-256: 8d7b55f6c4c2aa31f1e818f3113e0e7e5712086741215eed909aede9df4a9454

rh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm

SHA-256: 0de6792f70ae0ce0fcd61b1f8380810c059c592e504d6d8eec48f7c417571da7

rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm

SHA-256: 2b14e62e080b9744a3c952ce867b1354a68e728c5646c2716ddbec13b024d58f

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm

SHA-256: 99f90e853016083b964fb782368fdf4049f86b705032e9f9d6d1e37cbb2a507e

rh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm

SHA-256: 6860b4f35b8afacf235ca762f8437278602e0ccb28e942e78858d970a7155c4f

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM

rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm

SHA-256: 35f6715bdb3d8485918c51eee76f4d1e43d22cbbbc521240996d9ac06ac5397d

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm

SHA-256: 2fe527f218a0db606bb47ecf1488e93a466c809cae20e640dfa6bd30e0f261a1

ppc64le

rh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm

SHA-256: 2d331b1fb28ec65de64ed27710ab69525a4e21ecf92b4935d108b528d4ffd18a

rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm

SHA-256: 8742e8ec559b375f7240678af1451c9434e8da70aff6cec6aad3b9306c5b72ba

rh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm

SHA-256: 7fcf3b72b215af3a142cb18645562d3923753e7457e8ff772fdd82486ddbef2a

rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm

SHA-256: 2b14e62e080b9744a3c952ce867b1354a68e728c5646c2716ddbec13b024d58f

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm

SHA-256: 99f90e853016083b964fb782368fdf4049f86b705032e9f9d6d1e37cbb2a507e

rh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm

SHA-256: b3afa76896fa5229f17da0ce4f651764ebe89c7afca26d93c5148158150d5a80

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM

rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm

SHA-256: 35f6715bdb3d8485918c51eee76f4d1e43d22cbbbc521240996d9ac06ac5397d

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm

SHA-256: 2fe527f218a0db606bb47ecf1488e93a466c809cae20e640dfa6bd30e0f261a1

x86_64

rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm

SHA-256: 183bf341228b25d5b820a7af729af7413ec0fe6f4b8a6d6f6541e86b21681777

rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm

SHA-256: 560fa9ae7417010406efb1a38bcac3f3467a9f0ee3a33170bd51dd81158dcbb8

rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm

SHA-256: 81b93e85e91d5b85b4cdbaf590623c6be78dc87f8c51406777ef95c2a64386ce

rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm

SHA-256: 2b14e62e080b9744a3c952ce867b1354a68e728c5646c2716ddbec13b024d58f

rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm

SHA-256: 99f90e853016083b964fb782368fdf4049f86b705032e9f9d6d1e37cbb2a507e

rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm

SHA-256: efdb5443bc856adebd7c62b3caabd28dfdeb4c78dd43e04dad69e1bf49226412

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Debian Security Advisory 5326-1

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Red Hat Security Advisory 2022-6985-01

Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

RHSA-2022:6985: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrec...

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32212: CVE - CVE-2018-7160

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32214

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket

The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.