RHSA-2022:6985: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • CVE-2022-33987: nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
Red Hat Security Data

Synopsis

Moderate: nodejs:14 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
  • nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
  • nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
  • nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
  • got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • nodejs:14/nodejs: rebase to latest upstream release (BZ#2106368)
  • nodejs:14/nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2111419)

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2102001 - CVE-2022-33987 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
  • BZ - 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
  • BZ - 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • BZ - 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
  • BZ - 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • BZ - 2106368 - nodejs:14/nodejs: rebase to latest upstream release [rhel-8.4.0.z]

CVEs

  • CVE-2022-32212
  • CVE-2022-32213
  • CVE-2022-32214
  • CVE-2022-32215
  • CVE-2022-33987

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

x86_64

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

x86_64

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

s390x

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

ppc64le

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

x86_64

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

aarch64

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

ppc64le

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

x86_64

nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm

nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Debian Security Advisory 5326-1

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Red Hat Security Advisory 2022-6985-01

Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file * CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs * CVE-2022-29244: nodejs: npm pac...

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

RHSA-2022:6389: Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update

An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to inc...

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32214

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32212: CVE - CVE-2018-7160

An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.

GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket

The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.