RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
- CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
- CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
- CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
- CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
- CVE-2022-33987: got: missing verification of requested URLs allows redirects to UNIX sockets
Synopsis
Moderate: nodejs:16 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
- nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
- nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
- nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
- nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
- got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- nodejs:16/nodejs: rebase to latest upstream release (BZ#2106369)
- nodejs:16/nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2111416)
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
- BZ - 2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets
- BZ - 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
- BZ - 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
- BZ - 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
- BZ - 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
- BZ - 2106369 - nodejs:16/nodejs: rebase to latest upstream release [rhel-8.6.0.z]
CVEs
- CVE-2021-3807
- CVE-2022-32212
- CVE-2022-32213
- CVE-2022-32214
- CVE-2022-32215
- CVE-2022-33987
Red Hat Enterprise Linux for x86_64 8
SRPM
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.src.rpm
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
x86_64
nodejs-docs-16.16.0-3.module+el8.6.0+16248+76b0e185.noarch.rpm
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.x86_64.rpm
Related news
Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrec...
Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...
Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and obtain sensitive network information.
Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to inc...
Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.
All security issues have been patched – update now
A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7020: elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure * CVE-2020-9484: tomcat: deserialization flaw in session persistence storage leading to RCE * CVE-2020-15250: ju...
Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-39293: golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.