RHSA-2022:6595: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-7788: nodejs-ini: Prototype pollution via malicious INI file
  • CVE-2020-28469: nodejs-glob-parent: Regular expression denial of service
  • CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
  • CVE-2021-33502: nodejs-normalize-url: ReDoS for data URLs
  • CVE-2022-29244: nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace
  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • CVE-2022-33987: nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
Red Hat Security Data

Synopsis

Moderate: nodejs and nodejs-nodemon security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16.16.0), nodejs-nodemon (2.0.19). (BZ#2124230, BZ#2124233)

Security Fix(es):

  • nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)
  • nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
  • nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
  • normalize-url: ReDoS for data URLs (CVE-2021-33502)
  • nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (CVE-2022-29244)
  • nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
  • nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
  • nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
  • nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
  • got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [rhel-9] (BZ#2121019)
  • nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2124299)

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 1907444 - CVE-2020-7788 nodejs-ini: Prototype pollution via malicious INI file
  • BZ - 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service
  • BZ - 1964461 - CVE-2021-33502 nodejs-normalize-url: ReDoS for data URLs
  • BZ - 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
  • BZ - 2098556 - CVE-2022-29244 nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace
  • BZ - 2102001 - CVE-2022-33987 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
  • BZ - 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
  • BZ - 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
  • BZ - 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields
  • BZ - 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • BZ - 2121019 - nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [rhel-9] [rhel-9.0.0.z]
  • BZ - 2124299 - nodejs: Specify --with-default-icu-data-dir when using bootstrap build [rhel-9.0.0.z]

CVEs

  • CVE-2020-7788
  • CVE-2020-28469
  • CVE-2021-3807
  • CVE-2021-33502
  • CVE-2022-29244
  • CVE-2022-32212
  • CVE-2022-32213
  • CVE-2022-32214
  • CVE-2022-32215
  • CVE-2022-33987

Red Hat Enterprise Linux for x86_64 9
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

  • nodejs-16.16.0-1.el9_0.src.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.src.rpm

x86_64

  • nodejs-16.16.0-1.el9_0.x86_64.rpm
  • nodejs-debuginfo-16.16.0-1.el9_0.i686.rpm
  • nodejs-debuginfo-16.16.0-1.el9_0.x86_64.rpm
  • nodejs-debugsource-16.16.0-1.el9_0.i686.rpm
  • nodejs-debugsource-16.16.0-1.el9_0.x86_64.rpm
  • nodejs-docs-16.16.0-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.16.0-1.el9_0.x86_64.rpm
  • nodejs-libs-16.16.0-1.el9_0.i686.rpm
  • nodejs-libs-16.16.0-1.el9_0.x86_64.rpm
  • nodejs-libs-debuginfo-16.16.0-1.el9_0.i686.rpm
  • nodejs-libs-debuginfo-16.16.0-1.el9_0.x86_64.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.noarch.rpm
  • npm-8.11.0-1.16.16.0.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

  • nodejs-16.16.0-1.el9_0.src.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.src.rpm

s390x

  • nodejs-16.16.0-1.el9_0.s390x.rpm
  • nodejs-debuginfo-16.16.0-1.el9_0.s390x.rpm
  • nodejs-debugsource-16.16.0-1.el9_0.s390x.rpm
  • nodejs-docs-16.16.0-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.16.0-1.el9_0.s390x.rpm
  • nodejs-libs-16.16.0-1.el9_0.s390x.rpm
  • nodejs-libs-debuginfo-16.16.0-1.el9_0.s390x.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.noarch.rpm
  • npm-8.11.0-1.16.16.0.1.el9_0.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

  • nodejs-16.16.0-1.el9_0.src.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.src.rpm

ppc64le

  • nodejs-16.16.0-1.el9_0.ppc64le.rpm
  • nodejs-debuginfo-16.16.0-1.el9_0.ppc64le.rpm
  • nodejs-debugsource-16.16.0-1.el9_0.ppc64le.rpm
  • nodejs-docs-16.16.0-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.16.0-1.el9_0.ppc64le.rpm
  • nodejs-libs-16.16.0-1.el9_0.ppc64le.rpm
  • nodejs-libs-debuginfo-16.16.0-1.el9_0.ppc64le.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.noarch.rpm
  • npm-8.11.0-1.16.16.0.1.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

  • nodejs-16.16.0-1.el9_0.src.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.src.rpm

aarch64

  • nodejs-16.16.0-1.el9_0.aarch64.rpm
  • nodejs-debuginfo-16.16.0-1.el9_0.aarch64.rpm
  • nodejs-debugsource-16.16.0-1.el9_0.aarch64.rpm
  • nodejs-docs-16.16.0-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.16.0-1.el9_0.aarch64.rpm
  • nodejs-libs-16.16.0-1.el9_0.aarch64.rpm
  • nodejs-libs-debuginfo-16.16.0-1.el9_0.aarch64.rpm
  • nodejs-nodemon-2.0.19-1.el9_0.noarch.rpm
  • npm-8.11.0-1.16.16.0.1.el9_0.aarch64.rpm

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Red Hat Security Advisory 2022-6985-01

Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

RHSA-2022:6985: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses * CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields * CVE-2022-32215: nodejs: HTTP request smuggling due to incorrec...

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

RHSA-2022:6449: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting...

RHSA-2022:6448: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Tr...

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Red Hat Security Advisory 2022-6389-01

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

RHSA-2022:6389: Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update

An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
  • CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
  • CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields
  • CVE-2022-32215: nodejs: HTTP request smuggling due to inc...

CVE-2020-4301: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32212: CVE - CVE-2018-7160

An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.

CVE-2022-32214

The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

RHSA-2022:5532: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update

A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-7020: elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure
  • CVE-2020-9484: tomcat: deserialization flaw in session persistence storage leading to RCE
  • CVE-2020-15250: ju...

Red Hat Security Advisory 2022-5483-01

Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2022:5483: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
  • CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor
  • CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak

GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket

The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.

CVE-2022-29244: deps: upgrade npm to 8.11.0 by npm-cli-bot · Pull Request #43210 · nodejs/node

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm, v8.11.0, by running `npm i -g npm@latest`. Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.

GHSA-hj9c-8jmm-8c52: Packing does not respect root-level ignore files in workspaces

### Impact

`npm pack` ignores root-level `.gitignore` & `.npmignore` file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of [v7.9.0](https://github.com/npm/cli/releases/tag/v7.9.0) & [v7.13.0](https://github.com/npm/cli/releases/tag/v7.13.0) respectively, may be affected and have published files into the npm registry they did not intend to include.

### Patch

- Upgrade to the latest, patched version of `npm` ([`v8.11.0`](https://github.com/npm/cli/releases/tag/v8.11.0)), run: `npm i -g npm@latest`
- Node.js versions [`v16.15.1`](https://github.com/nodejs/node/releases/tag/v16.15.1), [`v17.19.1`](https://github.com/nodejs/node/releases/tag/v17.9.1) & [`v18.3.0`](https://github.com/nodejs/node/releases/tag/v18.3.0) include the patched `v8.11.0` version of `npm`

#### Steps to take to see if you're impacted

1. Run `npm publish --dry-run` or `npm pack` wi...

Red Hat Security Advisory 2022-4814-01

Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.

RHSA-2022:4814: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
  • CVE-2021-39293: golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)

Red Hat Security Advisory 2022-4711-01

Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2021-3807: Fix potential ReDoS (#37) · chalk/ansi-regex@8d1d7cd

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

CVE-2020-7788: Snyk Vulnerability Database | Snyk

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

CVE-2020-11110: grafana/CHANGELOG.md at main · grafana/grafana

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.