RLSA-2023:7205
See a problem?- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2023:7205.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2023:7205
- Related
- Published
- 2023-11-28T22:43:02.525343Z
- Modified
- 2023-11-28T22:45:08.925134Z
- Summary
- Important: nodejs:20 security update
- Details
-
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
nodejs: permission model improperly protects against path traversal (CVE-2023-39331)
nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332)
nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
nodejs: code injection via WebAssembly export names (CVE-2023-39333)
node-undici: cookie leakage (CVE-2023-45143)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2023:7205
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803
- https://bugzilla.redhat.com/show_bug.cgi?id=2244104
- https://bugzilla.redhat.com/show_bug.cgi?id=2244413
- https://bugzilla.redhat.com/show_bug.cgi?id=2244414
- https://bugzilla.redhat.com/show_bug.cgi?id=2244415
- https://bugzilla.redhat.com/show_bug.cgi?id=2244418
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / nodejs-nodemon
Package
- Name
- nodejs-nodemon
- Purl
- pkg:rpm/rocky-linux/nodejs-nodemon?distro=rocky-linux-8-x86-64&epoch=0
Rocky Linux:8 / nodejs-packaging
Package
- Name
- nodejs-packaging
- Purl
- pkg:rpm/rocky-linux/nodejs-packaging?distro=rocky-linux-8-x86-64&epoch=0