RHSA-2023:4536: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30581: No description is available for this CVE.
  • CVE-2023-30588: No description is available for this CVE.
  • CVE-2023-30589: The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20.
  • CVE-2023-30590: No description is available for this CVE.
Red Hat Security Data

Synopsis

Moderate: nodejs:18 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The package has been upgraded to a later upstream version: nodejs (18.16.1). (BZ#2223630, BZ#2223631, BZ#2223632, BZ#2223633, BZ#2223635, BZ#2223642)

Security Fix(es):

  • nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581)
  • nodejs: process interruption due to invalid Public Key information in x509 certificates (CVE-2023-30588)
  • nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)
  • nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
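The CVE-2023-30589 description above says a bare CR is enough to delimit header fields in llhttp, while RFC 7230 section 3 allows only CRLF. The following added example (not Red Hat or Node.js project code) models both readings of a raw header block and rejects any request where they would disagree; the function names, the `reject-400` verdict string and the sample requests are constructed for illustration.

```javascript
// Added example: detect header blocks that a CR-tolerant parser and a
// strict RFC 7230 parser would split differently (CVE-2023-30589 class).
// lenient mode is a *model* of the behaviour the CVE text describes,
// not llhttp's actual code.

const CR = 0x0d;
const LF = 0x0a;

// Everything before the first CRLF CRLF, i.e. request line + header fields.
// Expects a complete header block; a truncated one is returned whole.
function headerBlock(buf) {
  const end = buf.indexOf('\r\n\r\n');
  return end === -1 ? buf : buf.subarray(0, end);
}

// Byte offsets of every CR that is not immediately followed by LF.
function bareCrOffsets(block) {
  const offsets = [];
  for (let i = 0; i < block.length; i++) {
    if (block[i] === CR && block[i + 1] !== LF) offsets.push(i);
  }
  return offsets;
}

// Split the block into header fields.
//   lenient = false: only CRLF ends a field (RFC 7230 section 3)
//   lenient = true : CRLF or a lone CR ends a field
function splitFields(block, lenient) {
  const text = block.toString('latin1'); // 1 byte == 1 char, no decoding surprises
  const lines = text.split(lenient ? /\r\n|\r/ : /\r\n/);
  return lines
    .slice(1) // lines[0] is the request line
    .filter((line) => line.length > 0)
    .map((line) => {
      const colon = line.indexOf(':');
      return {
        name: (colon === -1 ? line : line.slice(0, colon)).trim().toLowerCase(),
        value: colon === -1 ? '' : line.slice(colon + 1).trim(),
      };
    });
}

// Decide what a front-end component should do with the raw request bytes.
function inspectRequest(raw) {
  const buf = Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'latin1');
  const block = headerBlock(buf);
  const offsets = bareCrOffsets(block);
  return {
    bareCrOffsets: offsets,
    strictNames: splitFields(block, false).map((f) => f.name),
    lenientNames: splitFields(block, true).map((f) => f.name),
    // Any bare CR means two parsers in the chain may see different headers.
    verdict: offsets.length === 0 ? 'accept' : 'reject-400',
  };
}

// Constructed sample requests (not captured traffic).
const CLEAN =
  'GET /status HTTP/1.1\r\n' +
  'Host: app.example\r\n' +
  'X-First: 1\r\n' +
  'X-Second: 2\r\n' +
  '\r\n';

const AMBIGUOUS =
  'GET /status HTTP/1.1\r\n' +
  'Host: app.example\r\n' +
  'X-First: 1\rX-Second: 2\r\n' + // lone CR between the two fields
  '\r\n';

for (const [label, req] of [['clean', CLEAN], ['ambiguous', AMBIGUOUS]]) {
  const r = inspectRequest(req);
  console.log(label, r.verdict,
    'strict=' + r.strictNames.join(','),
    'lenient=' + r.lenientNames.join(','));
}
```

The check works on raw bytes, so it only helps in a component that sees the request before any parser has normalised it.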

Bug Fix(es):

  • nodejs:18/nodejs: Don’t assume FIPS is disabled by default [rhel-8] (BZ#2223639)

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2219824 - CVE-2023-30581 nodejs: mainModule.proto bypass experimental policy mechanism
  • BZ - 2219838 - CVE-2023-30588 nodejs: process interruption due to invalid Public Key information in x509 certificates
  • BZ - 2219841 - CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR
  • BZ - 2219842 - CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key
  • BZ - 2223630 - nodejs:18/nodejs: Rebase to the latest Nodejs 18 release [rhel-8] [rhel-8.8.0.z]
  • BZ - 2223642 - nodejs:18/nodejs: Remove /usr/etc/npmrc softlink. [rhel-8] [rhel-8.8.0.z]

CVEs

  • CVE-2023-30581
  • CVE-2023-30588
  • CVE-2023-30589
  • CVE-2023-30590

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Ubuntu Security Notice USN-6735-1

Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.

Debian Security Advisory 5589-1

Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

CVE-2023-30581: Tuesday June 20 2023 Security Releases | Node.js

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CVE-2023-38735: Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5533-01

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

RHSA-2023:5533: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2022-25881: A flaw was found in http-cache-se...

Red Hat Security Advisory 2023-5361-01

Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.

RHSA-2023:5361: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting ...

Red Hat Security Advisory 2023-4536-01

Red Hat Security Advisory 2023-4536-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

Red Hat Security Advisory 2023-4537-01

Red Hat Security Advisory 2023-4537-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

RHSA-2023:4537: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30581: No description is available for this CVE.
  • CVE-2023-30588: No description is available for this CVE.
  • CVE-2023-30589: The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to de...

Red Hat Security Advisory 2023-4330-01

Red Hat Security Advisory 2023-4330-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

Red Hat Security Advisory 2023-4331-01

Red Hat Security Advisory 2023-4331-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

RHSA-2023:4331: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30581: No description is available for this CVE.
  • CVE-2023-30588: No description is available for this CVE.
  • CVE-2023-30589: The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP hea...

CVE-2023-37276: aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available, which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (i.e. `aiohttp.Application`); you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (i.e. `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values, leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC 7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20.
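
The CRLF rule in the CVE-2023-30589 description can be checked on raw request bytes before they reach a parser, for example in a proxy or a log-replay tool. The JavaScript below is an added example, not code from Node.js, llhttp or Red Hat; the function names and the sample request are constructed for illustration.

```javascript
const CR = 0x0d, LF = 0x0a;

// Header section = bytes up to and including the CRLF that ends the last header line.
// If no CRLFCRLF terminator is present, the whole buffer is inspected.
function headerSection(raw) {
  const end = raw.indexOf('\r\n\r\n');
  return end === -1 ? raw : raw.subarray(0, end + 2);
}

// Report every CR not followed by LF, and every LF not preceded by CR.
// A lone LF is reported as its own kind: RFC 7230 section 3.5 lets recipients tolerate it.
function findBareLineBreaks(raw) {
  const head = headerSection(raw);
  const findings = [];
  for (let i = 0; i < head.length; i++) {
    if (head[i] === CR && head[i + 1] !== LF) findings.push({ offset: i, kind: 'bare-CR' });
    if (head[i] === LF && head[i - 1] !== CR) findings.push({ offset: i, kind: 'bare-LF' });
  }
  return findings;
}

// Header field names as two parsers would see them:
// strict = split on CRLF only (RFC 7230 section 3),
// lenient = a lone CR also ends a field, the behaviour the CVE text describes.
function headerFieldNames(raw, strict) {
  const text = headerSection(raw).toString('latin1');
  const lines = text.split(strict ? '\r\n' : /\r\n|\r/);
  // lines[0] is the request line; empty pieces come from the trailing delimiter.
  return lines.slice(1).filter(Boolean).map((l) => l.split(':', 1)[0].toLowerCase());
}

// True when the strict and lenient views of the same bytes differ, which is
// the precondition for two hops interpreting one request differently.
function parsersDisagree(raw) {
  return headerFieldNames(raw, true).join() !== headerFieldNames(raw, false).join();
}

// Constructed sample: the X-Trace value contains a lone CR before "X-Extra".
const sample = Buffer.from(
  'GET / HTTP/1.1\r\nHost: example.test\r\nX-Trace: a\rX-Extra: b\r\n\r\n', 'latin1');

console.log(findBareLineBreaks(sample));
console.log('strict :', headerFieldNames(sample, true));
console.log('lenient:', headerFieldNames(sample, false));
console.log('disagree:', parsersDisagree(sample));
```

A front end that rejects any request for which `findBareLineBreaks` returns a `bare-CR` finding removes the ambiguity regardless of which parser version sits behind it.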