RHSA-2023:5362: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.
- CVE-2023-32002: A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
- CVE-2023-32006: A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
- CVE-2023-32559: A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.
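A triage sketch for the three policy-bypass CVEs above, added here as an example and not taken from Red Hat or the Node.js project: it flags an 18.x runtime older than 18.17.1 (the version in this advisory's package names) and scans source text for the APIs the CVE descriptions name. The function names, the sample source and the `v18.16.0` string are constructed for illustration; the scan is a line-based heuristic, not a JavaScript parser, and the version check ignores the RPM release field.

```javascript
// Added example: triage helper for the nodejs:18 policy-bypass CVEs.
// All names and sample inputs below are constructed for illustration.

// Version carried by the fixed packages listed in this advisory (nodejs-18.17.1-1...).
const FIXED_NODE_18 = [18, 17, 1];

// APIs named in the advisory's CVE descriptions.
const POLICY_BYPASS_APIS = [
  { cve: 'CVE-2023-32002', api: 'Module._load()', pattern: /\._load\s*\(/ },
  { cve: 'CVE-2023-32006', api: 'module.constructor.createRequire()',
    pattern: /\bconstructor\s*\.\s*createRequire\s*\(/ },
  { cve: 'CVE-2023-32559', api: 'process.binding()',
    pattern: /\bprocess\s*\.\s*binding\s*\(/ },
];

// Pull the first x.y.z triple out of `node --version` output or an RPM name.
function parseNodeVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1, 4).map(Number) : null;
}

// true  -> 18.x older than the fixed version, false -> at or above it,
// null  -> not an 18.x runtime (outside the scope of this advisory).
function needsAdvisoryUpdate(versionText) {
  const v = parseNodeVersion(versionText);
  if (!v || v[0] !== FIXED_NODE_18[0]) return null;
  for (let i = 1; i < 3; i++) {
    if (v[i] !== FIXED_NODE_18[i]) return v[i] < FIXED_NODE_18[i];
  }
  return false;
}

// Blank out comments and string contents so mentions in them are not reported.
// Newlines are preserved so reported line numbers match the original file.
function maskCommentsAndStrings(src) {
  let out = '';
  let state = 'code'; // 'code', 'line', 'block', or the open quote character
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    const next = src[i + 1];
    if (state === 'code') {
      if (c === '/' && next === '/') { state = 'line'; out += '  '; i++; }
      else if (c === '/' && next === '*') { state = 'block'; out += '  '; i++; }
      else if (c === '"' || c === "'" || c === '`') { state = c; out += c; }
      else out += c;
    } else if (state === 'line') {
      if (c === '\n') { state = 'code'; out += c; } else out += ' ';
    } else if (state === 'block') {
      if (c === '*' && next === '/') { state = 'code'; out += '  '; i++; }
      else out += c === '\n' ? '\n' : ' ';
    } else if (c === '\\') {
      out += next === '\n' ? ' \n' : '  '; i++; // skip the escaped character
    } else if (c === state) {
      state = 'code'; out += c;
    } else if (c === '\n' && state !== '`') {
      state = 'code'; out += c; // unterminated quote: recover at end of line
    } else {
      out += c === '\n' ? '\n' : ' ';
    }
  }
  return out;
}

// Report every line of `src` that calls one of the listed APIs.
function scanSource(file, src) {
  const findings = [];
  maskCommentsAndStrings(src).split('\n').forEach((line, idx) => {
    for (const { cve, api, pattern } of POLICY_BYPASS_APIS) {
      if (pattern.test(line)) findings.push({ file, line: idx + 1, cve, api });
    }
  });
  return findings;
}

// Combine the runtime check with a scan over { fileName: sourceText }.
function triage(versionText, sources) {
  const findings = Object.entries(sources)
    .flatMap(([file, src]) => scanSource(file, src));
  return { needsUpdate: needsAdvisoryUpdate(versionText), findings };
}

// Constructed sample input (not from a real package).
const SAMPLE_VERSION = 'v18.16.0';
const SAMPLE_SOURCE = [
  "// process.binding('fs') mentioned in a comment only",
  "const Module = require('module');",
  "const m = Module._load('some-module', null, false);",
  "const r = module.constructor.createRequire(__filename);",
  "const note = 'process.binding(';",
  "const b = process.binding('spawn_sync');",
].join('\n');

const report = triage(SAMPLE_VERSION, { 'vendor/lib.js': SAMPLE_SOURCE });
console.log('update needed:', report.needsUpdate);
for (const f of report.findings) {
  console.log(`${f.file}:${f.line}  ${f.api}  (${f.cve})`);
}
```

Findings matter for processes started with a policy file; without one there is no policy for these APIs to bypass.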
Synopsis
Important: nodejs:18 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (18). (BZ#2234409)
Security Fix(es):
- nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)
- nodejs-semver: Regular expression denial of service (CVE-2022-25883)
- nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006)
- nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Fixes
- BZ - 2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
- BZ - 2230948 - CVE-2023-32002 nodejs: Permissions policies can be bypassed via Module._load
- BZ - 2230955 - CVE-2023-32006 nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()
- BZ - 2230956 - CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding
- BZ - 2234409 - nodejs:18/nodejs: Rebase to the latest Nodejs 18 release [rhel-8] [rhel-8.8.0.z]
CVEs
- CVE-2022-25883
- CVE-2023-32002
- CVE-2023-32006
- CVE-2023-32559
Red Hat Enterprise Linux for x86_64 8
SRPM
nodejs-18.17.1-1.module+el8.8.0+19757+8ca87034.src.rpm
SHA-256: dd907999987a2829def532b150bdc73e0a111488656e0f0584bd0ba71a489fa5
nodejs-nodemon-3.0.1-1.module+el8.8.0+19757+8ca87034.src.rpm
SHA-256: 4cbcbfa6f0fbee8f857317816fe19c6bc2d7f6759e9acbe6648f0dcf56086526
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm
SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd
x86_64
nodejs-18.17.1-1.module+el8.8.0+19757+8ca87034.x86_64.rpm
SHA-256: e7c408fc4e584548253611fa8fc699e7bb4f4c98f172a40183c117c8586ab7fc
nodejs-debuginfo-18.17.1-1.module+el8.8.0+19757+8ca87034.x86_64.rpm
SHA-256: 7aa808c96f2783d6dcc4d1c41417316220b6ba0bbd3011f6c85f8753980d568d
nodejs-debugsource-18.17.1-1.module+el8.8.0+19757+8ca87034.x86_64.rpm
SHA-256: a719542a212cf6f076f40a188e5e24642d94855f6e574ec31a43bbb689fd1132
nodejs-devel-18.17.1-1.module+el8.8.0+19757+8ca87034.x86_64.rpm
SHA-256: c20ec2d8f08fec2647f403b03026187309e329cb7fcd09264ab2ff843f6edc03
nodejs-docs-18.17.1-1.module+el8.8.0+19757+8ca87034.noarch.rpm
SHA-256: 87b1d1aa07b606240cac94453631399f422ecbc4470c9deb1ce9cce17da72287
nodejs-full-i18n-18.17.1-1.module+el8.8.0+19757+8ca87034.x86_64.rpm
SHA-256: 3ef133e9b8cbd1b8313050b6b5f18c4b0e3d7ff42d5d1147e851d9af20694b20
nodejs-nodemon-3.0.1-1.module+el8.8.0+19757+8ca87034.noarch.rpm
SHA-256: f83ae6914fb89c33cf84aad6f159ff9905b9b958a99758b64f112962954b870c
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4
npm-9.6.7-1.18.17.1.1.module+el8.8.0+19757+8ca87034.x86_64.rpm
SHA-256: fe6f98c6be20e71ac33333560bdd8807e84ccb216bdc098d449bc8b943a470dd
Related news
Red Hat Security Advisory 2024-6044-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6822-1 - It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.
Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.
Red Hat Security Advisory 2024-0719-03 - Migration Toolkit for Runtimes 1.2.4 release. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.
Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2022-25881: A flaw was found in http-cache-se...
Red Hat Security Advisory 2023-5486-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
Red Hat Security Advisory 2023-5485-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
Red Hat Security Advisory 2023-5488-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of servi...
Red Hat Security Advisory 2023-5379-01 - Network Observability 1.4.0. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5362-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-5360-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2023-5363-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service. * ...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting ...
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` to run arbitrary code outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the `policy.json` definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the `policy.json` definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
Red Hat Security Advisory 2023-4341-01 - Red Hat OpenShift bug fix and security update. Red Hat Product Security has rated this update as having a security impact of Low. Issues addressed include a denial of service vulnerability.
Logging Subsystem 5.7.4 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service. * CVE-2023-22796: A flaw was found in rubygem-ac...
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function `new Range`, when untrusted user data is provided as a range.