Lucene search
GoogleOSV:RLSA-2023:0321HistoryJan 23, 2023 - 2:30 p.m.
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-2314:30:11
Google
osv.dev
10
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).
Security Fix(es):
-
minimist: prototype pollution (CVE-2021-44906)
-
nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
-
nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
-
nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- nodejs: Packaged version of undici does not fit with declared version. [Rocky Linux-9] (BZ#2151627)
Related
rocky
rocky
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-23 14:30:11
nodejs:18 security, bug fix, and enhancement update
2022-12-06 15:25:25
nodejs:18 security, bug fix, and enhancement update
2022-12-06 15:25:28
oraclelinux
oraclelinux
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-24 00:00:00
nodejs:18 security, bug fix, and enhancement update
2022-12-09 00:00:00
nodejs:18 security, bug fix, and enhancement update
2022-12-08 00:00:00
redhat
redhat
almalinux
almalinux
Moderate: nodejs:18 security, bug fix, and enhancement update
2022-12-06 00:00:00
Moderate: nodejs:18 security, bug fix, and enhancement update
2022-12-06 00:00:00
osv
osv
Moderate: nodejs:18 security, bug fix, and enhancement update
2022-12-06 00:00:00
Moderate: nodejs:18 security, bug fix, and enhancement update
2022-12-06 15:25:28
nessus
nessus
Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2023-0321)
2023-01-24 00:00:00
RHEL 9 : nodejs and nodejs-nodemon (RHSA-2023:0321)
2023-01-23 00:00:00
AlmaLinux 9 : nodejs and nodejs-nodemon (ALSA-2023:0321)
2023-01-25 00:00:00
ibm
ibm
veracode
veracode
Prototype Pollution
2022-03-18 02:42:04
Arbitrary Code Execution
2022-11-06 14:52:02
HTTP Request Smuggling
2022-09-27 22:47:16
githubexploit
githubexploit
Exploit for Prototype Pollution in Substack Minimist
2023-10-02 15:20:35
ubuntucve
ubuntucve
prion
prion
Code injection
2022-03-17 16:15:00
Design/Logic Flaw
2022-12-05 22:15:00
Denial of service
2022-10-17 20:15:00
debiancve
debiancve
redos
redos
ROS-20240507-05
2024-05-07 00:00:00
ROS-20230504-03
2023-05-04 00:00:00
f5
f5
K17011311 : NodeJS vulnerability CVE-2022-35256
2022-12-09 00:00:00
K000133494 : Node.js vulnerability CVE-2022-43548
2023-04-12 00:00:00
cvelist
cvelist
cbl_mariner
cbl_mariner
CVE-2022-35256 affecting package nodejs 14.20.1-2
2022-12-27 17:55:50
CVE-2022-43548 affecting package nodejs 14.20.1-2
2022-12-27 17:55:50
CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2
2022-12-19 20:12:43
cve
cve
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0422)
2022-11-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3968-1)
2022-11-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4084-1)
2022-11-21 00:00:00
github
github
Prototype Pollution in minimist
2022-03-18 00:01:09
minimatch ReDoS vulnerability
2022-10-18 12:00:32
mageia
mageia
Updated nodejs-minimist packages fix security vulnerability
2023-02-07 03:06:39
Updated nodejs packages fix security vulnerability
2022-11-13 05:25:20
hackerone
hackerone
Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
2022-08-20 03:13:30
Node.js: DNS rebinding in --inspect via invalid octal IP address
2022-09-23 19:28:01
redhatcve
redhatcve
alpinelinux
alpinelinux
CVE-2022-35256
2022-12-05 22:15:00
CVE-2022-43548
2022-12-05 22:15:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.18.1-alt1
2023-03-18 00:00:00
thn
thn
debian
debian
[SECURITY] [DSA 5326-1] nodejs security update
2023-01-24 20:01:20