Security
Headlines
HeadlinesLatestCVEs

Tag

#nodejs

Red Hat Security Advisory 2024-3550-03

Red Hat Security Advisory 2024-3550-03 - HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available. Issues addressed include code execution, denial of service, and password leak vulnerabilities.

Packet Storm
Open in Source
#vulnerability#red_hat#dos#apache#nodejs#js#auth
Red Hat Security Advisory 2024-3545-03

Red Hat Security Advisory 2024-3545-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2024-3544-03

Red Hat Security Advisory 2024-3544-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It has been downloaded 175 times to date. Software supply chain security

New V3B Phishing Kit Steals Logins and OTPs from EU Banking Users

By Deeba Ahmed New phishing kit targets European bank users! Protect yourself from V3B attacks designed to steal your logins and… This is a post from HackRead.com Read the original post: New V3B Phishing Kit Steals Logins and OTPs from EU Banking Users

GHSA-2p57-rm9w-gvfp: ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

GHSA-9hfw-cvf4-5x25: wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

Red Hat Security Advisory 2024-3472-03

Red Hat Security Advisory 2024-3472-03 - An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

GHSA-xgwh-cgv9-783v: Ghost allows CSV Injection during member CSV export

Ghost before 5.82.0 allows CSV Injection during a member CSV export.

GHSA-pj27-2xvp-4qxg: @fastify/session reuses destroyed session cookie

### Impact When restoring the cookie from the session store, the `expires` field is overriden if the `maxAge` field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed. ### Patches Updating to v10.9.0 will solve this. ### Workarounds None ### References Publicly reported at: https://github.com/fastify/session/issues/251