Vulnerability-Lookup

CVE-2021-35065 (GCVE-0-2021-35065)

Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 18:31

Summary

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-1333 - Inefficient Regular Expression Complexity

Assigner

mitre

References

4 references

URL	Tags
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…
https://github.com/gulpjs/glob-parent/commit/3e9f…
https://github.com/gulpjs/glob-parent/pull/49
https://security.netapp.com/advisory/ntap-2023021…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:33:50.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230214-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/pull/49"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-35065",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T14:52:03.644571Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T18:31:12.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-26T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        },
        {
          "url": "https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339"
        },
        {
          "url": "https://github.com/gulpjs/glob-parent/pull/49"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-35065",
    "datePublished": "2022-12-26T00:00:00.000Z",
    "dateReserved": "2021-06-21T00:00:00.000Z",
    "dateUpdated": "2025-04-14T18:31:12.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-35065",
      "date": "2026-06-25",
      "epss": "0.01589",
      "percentile": "0.72543"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gulpjs:glob-parent:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.1\", \"matchCriteriaId\": \"89D4AC09-A67D-4F86-B6A3-7BD266105561\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.\"}, {\"lang\": \"es\", \"value\": \"El paquete glob-parent anterior a 6.0.1 para Node.js permite ataques ReDoS (Denegaci\\u00f3n de Servicio (DoS) de expresi\\u00f3n regular) contra la expresi\\u00f3n regular del recinto.\"}]",
      "id": "CVE-2021-35065",
      "lastModified": "2024-11-21T06:11:46.787",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-12-26T07:15:11.730",
      "references": "[{\"url\": \"https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/gulpjs/glob-parent/pull/49\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/gulpjs/glob-parent/pull/49\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230214-0010/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1333\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-35065\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-12-26T07:15:11.730\",\"lastModified\":\"2025-04-14T19:15:29.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.\"},{\"lang\":\"es\",\"value\":\"El paquete glob-parent anterior a 6.0.1 para Node.js permite ataques ReDoS (Denegaci\u00f3n de Servicio (DoS) de expresi\u00f3n regular) contra la expresi\u00f3n regular del recinto.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gulpjs:glob-parent:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.1\",\"matchCriteriaId\":\"89D4AC09-A67D-4F86-B6A3-7BD266105561\"}]}]}],\"references\":[{\"url\":\"https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/pull/49\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/pull/49\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230214-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20230214-0010/\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/gulpjs/glob-parent/pull/49\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T00:33:50.984Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-35065\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-14T14:52:03.644571Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333 Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-14T14:53:20.832Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294\"}, {\"url\": \"https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339\"}, {\"url\": \"https://github.com/gulpjs/glob-parent/pull/49\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-12-26T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-35065\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-14T18:31:12.451Z\", \"dateReserved\": \"2021-06-21T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-12-26T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

RHSA-2023:1533

Vulnerability from csaf_redhat - Published: 2023-03-30 13:06 - Updated: 2026-06-25 02:55

Summary

Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

Severity

Important

Notes

Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (14.21.3). Security Fix(es): * decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) * glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * minimist: prototype pollution (CVE-2021-44906) * nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) * c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904) * express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999) * http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881) * nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256) * nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548) * Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918) * Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44906

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-3517

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4904

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-24999

A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-25881

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-35256

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38900

A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-43548

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23918

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWE-426 - Untrusted Search Path

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

References

70 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1533	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130518	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140911	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142823	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2175828	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2021-44906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://www.cve.org/CVERecord?id=CVE-2021-44906	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44906	external
https://github.com/advisories/GHSA-xvch-5gv4-984h	external
https://access.redhat.com/security/cve/CVE-2022-3517	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://www.cve.org/CVERecord?id=CVE-2022-3517	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3517	external
https://access.redhat.com/security/cve/CVE-2022-4904	self
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://www.cve.org/CVERecord?id=CVE-2022-4904	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4904	external
https://github.com/c-ares/c-ares/issues/496	external
https://access.redhat.com/security/cve/CVE-2022-24999	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://www.cve.org/CVERecord?id=CVE-2022-24999	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24999	external
https://github.com/expressjs/express/releases/tag…	external
https://github.com/ljharb/qs/pull/428	external
https://github.com/n8tz/CVE-2022-24999	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2022-35256	self
https://bugzilla.redhat.com/show_bug.cgi?id=2130518	external
https://www.cve.org/CVERecord?id=CVE-2022-35256	external
https://nvd.nist.gov/vuln/detail/CVE-2022-35256	external
https://nodejs.org/en/blog/vulnerability/septembe…	external
https://access.redhat.com/security/cve/CVE-2022-38900	self
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://www.cve.org/CVERecord?id=CVE-2022-38900	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38900	external
https://github.com/SamVerschueren/decode-uri-comp…	external
https://github.com/advisories/GHSA-w573-4hg7-7wgq	external
https://access.redhat.com/security/cve/CVE-2022-43548	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140911	external
https://www.cve.org/CVERecord?id=CVE-2022-43548	external
https://nvd.nist.gov/vuln/detail/CVE-2022-43548	external
https://nodejs.org/en/blog/vulnerability/november…	external
https://access.redhat.com/security/cve/CVE-2023-23918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://www.cve.org/CVERecord?id=CVE-2023-23918	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23918	external
https://access.redhat.com/security/cve/CVE-2023-23920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://www.cve.org/CVERecord?id=CVE-2023-23920	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23920	external

Acknowledgments

VVX7

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1533",
        "url": "https://access.redhat.com/errata/RHSA-2023:1533"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2066009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
      },
      {
        "category": "external",
        "summary": "2130518",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
      },
      {
        "category": "external",
        "summary": "2134609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
      },
      {
        "category": "external",
        "summary": "2140911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
      },
      {
        "category": "external",
        "summary": "2142823",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142823"
      },
      {
        "category": "external",
        "summary": "2150323",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2168631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
      },
      {
        "category": "external",
        "summary": "2170644",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
      },
      {
        "category": "external",
        "summary": "2171935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
      },
      {
        "category": "external",
        "summary": "2172217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
      },
      {
        "category": "external",
        "summary": "2175828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175828"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1533.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T02:55:23+00:00",
      "generator": {
        "date": "2026-06-25T02:55:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:1533",
      "initial_release_date": "2023-03-30T13:06:07+00:00",
      "revision_history": [
        {
          "date": "2023-03-30T13:06:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-30T13:06:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T02:55:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
                  "product_id": "AppStream-8.4.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14)",
                  "product_id": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14"
        },
        "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2021-44906",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2066009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimist: prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2066009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
        }
      ],
      "release_date": "2022-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimist: prototype pollution"
    },
    {
      "cve": "CVE-2022-3517",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2022-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134609"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-minimatch: ReDoS via the braceExpand function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134609",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
        }
      ],
      "release_date": "2022-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-minimatch: ReDoS via the braceExpand function"
    },
    {
      "cve": "CVE-2022-4904",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2023-02-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2168631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2168631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/issues/496",
          "url": "https://github.com/c-ares/c-ares/issues/496"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
    },
    {
      "cve": "CVE-2022-24999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150323"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "express: \"qs\" prototype poisoning causes the hang of the node process",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150323",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
          "url": "https://github.com/expressjs/express/releases/tag/4.17.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/pull/428",
          "url": "https://github.com/ljharb/qs/pull/428"
        },
        {
          "category": "external",
          "summary": "https://github.com/n8tz/CVE-2022-24999",
          "url": "https://github.com/n8tz/CVE-2022-24999"
        }
      ],
      "release_date": "2022-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "express: \"qs\" prototype poisoning causes the hang of the node process"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "VVX7"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-35256",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-09-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2130518"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-35256"
        },
        {
          "category": "external",
          "summary": "RHBZ#2130518",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256",
          "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256"
        }
      ],
      "release_date": "2022-09-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields"
    },
    {
      "cve": "CVE-2022-38900",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2170644"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "decode-uri-component: improper input validation resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "RHBZ#2170644",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
          "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
          "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
        }
      ],
      "release_date": "2022-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "decode-uri-component: improper input validation resulting in DoS"
    },
    {
      "cve": "CVE-2022-43548",
      "cwe": {
        "id": "CWE-350",
        "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
      },
      "discovery_date": "2022-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140911"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: DNS rebinding in inspect via invalid octal IP address",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Redhat has marked this vulnerability as moderate for two primary reasons.\n1. The vulnerable inspect functionality might not be enabled, exposed, or reachable in many deployments.\n\n2.The code path might require very specific configurations or conditions (e.g. DNS rebinding, certain host/IP setups) that are rare in default environments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140911",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548",
          "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548"
        }
      ],
      "release_date": "2022-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: DNS rebinding in inspect via invalid octal IP address"
    },
    {
      "cve": "CVE-2023-23918",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Permissions policies can be bypassed via process.mainModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        },
        {
          "category": "workaround",
          "details": "Turn off the --experimental-policy in your Node.js deployment.",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Permissions policies can be bypassed via process.mainModule"
    },
    {
      "cve": "CVE-2023-23920",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T13:06:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
    }
  ]
}

RHSA-2023:1582

Vulnerability from csaf_redhat - Published: 2023-04-04 09:57 - Updated: 2026-06-25 02:55

Summary

Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

Severity

Moderate

Notes

Topic: An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4904

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-25881

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23918

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-23919

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23920

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWE-426 - Untrusted Search Path

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-23936

A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Low

References

46 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1582	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172170	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2178142	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2022-4904	self
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://www.cve.org/CVERecord?id=CVE-2022-4904	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4904	external
https://github.com/c-ares/c-ares/issues/496	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2023-23918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://www.cve.org/CVERecord?id=CVE-2023-23918	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23918	external
https://access.redhat.com/security/cve/CVE-2023-23919	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172170	external
https://www.cve.org/CVERecord?id=CVE-2023-23919	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23919	external
https://access.redhat.com/security/cve/CVE-2023-23920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://www.cve.org/CVERecord?id=CVE-2023-23920	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23920	external
https://access.redhat.com/security/cve/CVE-2023-23936	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://www.cve.org/CVERecord?id=CVE-2023-23936	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23936	external
https://access.redhat.com/security/cve/CVE-2023-24807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://www.cve.org/CVERecord?id=CVE-2023-24807	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24807	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.19.1).\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)\n\n* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\n* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1582",
        "url": "https://access.redhat.com/errata/RHSA-2023:1582"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2168631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
      },
      {
        "category": "external",
        "summary": "2171935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
      },
      {
        "category": "external",
        "summary": "2172170",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172170"
      },
      {
        "category": "external",
        "summary": "2172190",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
      },
      {
        "category": "external",
        "summary": "2172204",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
      },
      {
        "category": "external",
        "summary": "2172217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
      },
      {
        "category": "external",
        "summary": "2178142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178142"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1582.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T02:55:23+00:00",
      "generator": {
        "date": "2026-06-25T02:55:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:1582",
      "initial_release_date": "2023-04-04T09:57:16+00:00",
      "revision_history": [
        {
          "date": "2023-04-04T09:57:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-04-04T09:57:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T02:55:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.7.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src (nodejs:16)",
                  "product_id": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=src\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src (nodejs:16)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.7.0%2B18373%2B704f5cef?arch=src\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
                "product": {
                  "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src (nodejs:16)",
                  "product_id": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@25-1.module%2Bel8.5.0%2B10992%2Bfac5fe06?arch=src\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16)",
                  "product_id": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16)",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
                "product": {
                  "name": "nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch (nodejs:16)",
                  "product_id": "nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch (nodejs:16)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.7.0%2B18373%2B704f5cef?arch=noarch\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
                "product": {
                  "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch (nodejs:16)",
                  "product_id": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@25-1.module%2Bel8.5.0%2B10992%2Bfac5fe06?arch=noarch\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16)",
                  "product_id": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16)",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16)",
                  "product_id": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16)",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16)",
                  "product_id": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16)",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.module%2Bel8.7.0%2B18373%2B704f5cef?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8070020230314140722:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16"
        },
        "product_reference": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16"
        },
        "product_reference": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16"
        },
        "product_reference": "nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16"
        },
        "product_reference": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16"
        },
        "product_reference": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2022-4904",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2023-02-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2168631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2168631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/issues/496",
          "url": "https://github.com/c-ares/c-ares/issues/496"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "cve": "CVE-2023-23918",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Permissions policies can be bypassed via process.mainModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        },
        {
          "category": "workaround",
          "details": "Turn off the --experimental-policy in your Node.js deployment.",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Permissions policies can be bypassed via process.mainModule"
    },
    {
      "cve": "CVE-2023-23919",
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172170"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: OpenSSL error handling issues in nodejs crypto library",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability has been rated as moderate by Redhat for several reasons,first and foremost being that in order for the stack to crash,same thread would have to be used by the application which is a complexity outside the hands of attacker because in node.js workloads may be isolated or not happen sequentially on the same thread, reducing exposure,moreover the exploitation might lead to denial of service and poses no threat to confidentiality or integrity of the system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23919"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172170",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172170"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: OpenSSL error handling issues in nodejs crypto library"
    },
    {
      "cve": "CVE-2023-23920",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
    },
    {
      "cve": "CVE-2023-23936",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172190"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the \u0027host\u0027 header. This issue could allow HTTP response splitting and HTTP header injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Fetch API did not protect against CRLF injection in host headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172190",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Fetch API did not protect against CRLF injection in host headers"
    },
    {
      "cve": "CVE-2023-24807",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172204"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Regular Expression Denial of Service in Headers fetch API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
          "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172204",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:57:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18373+704f5cef.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.aarch64::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.ppc64le::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.s390x::nodejs:16",
            "AppStream-8.7.0.Z.MAIN:npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: Regular Expression Denial of Service in Headers fetch API"
    }
  ]
}

RHSA-2023:1583

Vulnerability from csaf_redhat - Published: 2023-04-04 09:59 - Updated: 2026-06-25 02:55

Summary

Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

Severity

Moderate

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-25881

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23918

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-23919

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23920

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWE-426 - Untrusted Search Path

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-23936

A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-24807

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Low

References

39 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1583	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2178087	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2023-23918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://www.cve.org/CVERecord?id=CVE-2023-23918	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23918	external
https://access.redhat.com/security/cve/CVE-2023-23919	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172170	external
https://www.cve.org/CVERecord?id=CVE-2023-23919	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23919	external
https://access.redhat.com/security/cve/CVE-2023-23920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://www.cve.org/CVERecord?id=CVE-2023-23920	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23920	external
https://access.redhat.com/security/cve/CVE-2023-23936	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://www.cve.org/CVERecord?id=CVE-2023-23936	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23936	external
https://access.redhat.com/security/cve/CVE-2023-24807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://www.cve.org/CVERecord?id=CVE-2023-24807	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24807	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (18.14.2).\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\n* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1583",
        "url": "https://access.redhat.com/errata/RHSA-2023:1583"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2171935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
      },
      {
        "category": "external",
        "summary": "2172190",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
      },
      {
        "category": "external",
        "summary": "2172204",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
      },
      {
        "category": "external",
        "summary": "2172217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
      },
      {
        "category": "external",
        "summary": "2178087",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178087"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1583.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T02:55:27+00:00",
      "generator": {
        "date": "2026-06-25T02:55:27+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:1583",
      "initial_release_date": "2023-04-04T09:59:44+00:00",
      "revision_history": [
        {
          "date": "2023-04-04T09:59:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-04-04T09:59:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T02:55:27+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.7.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=src\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=src\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=noarch\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel8.7.0%2B18445%2B9493b6ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8070020230322080930:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1583"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1583"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "cve": "CVE-2023-23918",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Permissions policies can be bypassed via process.mainModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1583"
        },
        {
          "category": "workaround",
          "details": "Turn off the --experimental-policy in your Node.js deployment.",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Permissions policies can be bypassed via process.mainModule"
    },
    {
      "cve": "CVE-2023-23919",
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172170"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: OpenSSL error handling issues in nodejs crypto library",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability has been rated as moderate by Redhat for several reasons,first and foremost being that in order for the stack to crash,same thread would have to be used by the application which is a complexity outside the hands of attacker because in node.js workloads may be isolated or not happen sequentially on the same thread, reducing exposure,moreover the exploitation might lead to denial of service and poses no threat to confidentiality or integrity of the system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23919"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172170",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172170"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1583"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: OpenSSL error handling issues in nodejs crypto library"
    },
    {
      "cve": "CVE-2023-23920",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1583"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
    },
    {
      "cve": "CVE-2023-23936",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172190"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the \u0027host\u0027 header. This issue could allow HTTP response splitting and HTTP header injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Fetch API did not protect against CRLF injection in host headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172190",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1583"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Fetch API did not protect against CRLF injection in host headers"
    },
    {
      "cve": "CVE-2023-24807",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172204"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Regular Expression Denial of Service in Headers fetch API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
          "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172204",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-04T09:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1583"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:18.14.2-2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+18445+9493b6ea.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.aarch64::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.ppc64le::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.s390x::nodejs:18",
            "AppStream-8.7.0.Z.MAIN:npm-1:9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: Regular Expression Denial of Service in Headers fetch API"
    }
  ]
}

RHSA-2023:1742

Vulnerability from csaf_redhat - Published: 2023-04-12 15:04 - Updated: 2026-06-25 02:55

Summary

Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

Severity

Important

Notes

Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (14.21.3). Security Fix(es): * decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) * glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531) * nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532) * nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533) * minimist: prototype pollution (CVE-2021-44906) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) * c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904) * express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999) * http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881) * nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256) * nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548) * Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918) * nodejs: Prototype pollution via console.table properties (CVE-2022-21824) * Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44531

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-295 - Improper Certificate Validation

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44532

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-295 - Improper Certificate Validation

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44533

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-295 - Improper Certificate Validation

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44906

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-0235

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-3517

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4904

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-21824

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-24999

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-25881

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-35256

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38900

A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-43548

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23918

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-23920

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWE-426 - Untrusted Search Path

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

References

97 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1742	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2040839	external
https://bugzilla.redhat.com/show_bug.cgi?id=2040846	external
https://bugzilla.redhat.com/show_bug.cgi?id=2040856	external
https://bugzilla.redhat.com/show_bug.cgi?id=2040862	external
https://bugzilla.redhat.com/show_bug.cgi?id=2044591	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2130518	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140911	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142822	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2175827	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2021-44531	self
https://bugzilla.redhat.com/show_bug.cgi?id=2040839	external
https://www.cve.org/CVERecord?id=CVE-2021-44531	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44531	external
https://nodejs.org/en/blog/vulnerability/jan-2022…	external
https://access.redhat.com/security/cve/CVE-2021-44532	self
https://bugzilla.redhat.com/show_bug.cgi?id=2040846	external
https://www.cve.org/CVERecord?id=CVE-2021-44532	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44532	external
https://access.redhat.com/security/cve/CVE-2021-44533	self
https://bugzilla.redhat.com/show_bug.cgi?id=2040856	external
https://www.cve.org/CVERecord?id=CVE-2021-44533	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44533	external
https://access.redhat.com/security/cve/CVE-2021-44906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://www.cve.org/CVERecord?id=CVE-2021-44906	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44906	external
https://github.com/advisories/GHSA-xvch-5gv4-984h	external
https://access.redhat.com/security/cve/CVE-2022-0235	self
https://bugzilla.redhat.com/show_bug.cgi?id=2044591	external
https://www.cve.org/CVERecord?id=CVE-2022-0235	external
https://nvd.nist.gov/vuln/detail/CVE-2022-0235	external
https://huntr.dev/bounties/d26ab655-38d6-48b3-be1…	external
https://access.redhat.com/security/cve/CVE-2022-3517	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://www.cve.org/CVERecord?id=CVE-2022-3517	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3517	external
https://access.redhat.com/security/cve/CVE-2022-4904	self
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://www.cve.org/CVERecord?id=CVE-2022-4904	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4904	external
https://github.com/c-ares/c-ares/issues/496	external
https://access.redhat.com/security/cve/CVE-2022-21824	self
https://bugzilla.redhat.com/show_bug.cgi?id=2040862	external
https://www.cve.org/CVERecord?id=CVE-2022-21824	external
https://nvd.nist.gov/vuln/detail/CVE-2022-21824	external
https://access.redhat.com/security/cve/CVE-2022-24999	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://www.cve.org/CVERecord?id=CVE-2022-24999	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24999	external
https://github.com/expressjs/express/releases/tag…	external
https://github.com/ljharb/qs/pull/428	external
https://github.com/n8tz/CVE-2022-24999	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2022-35256	self
https://bugzilla.redhat.com/show_bug.cgi?id=2130518	external
https://www.cve.org/CVERecord?id=CVE-2022-35256	external
https://nvd.nist.gov/vuln/detail/CVE-2022-35256	external
https://nodejs.org/en/blog/vulnerability/septembe…	external
https://access.redhat.com/security/cve/CVE-2022-38900	self
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://www.cve.org/CVERecord?id=CVE-2022-38900	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38900	external
https://github.com/SamVerschueren/decode-uri-comp…	external
https://github.com/advisories/GHSA-w573-4hg7-7wgq	external
https://access.redhat.com/security/cve/CVE-2022-43548	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140911	external
https://www.cve.org/CVERecord?id=CVE-2022-43548	external
https://nvd.nist.gov/vuln/detail/CVE-2022-43548	external
https://nodejs.org/en/blog/vulnerability/november…	external
https://access.redhat.com/security/cve/CVE-2023-23918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://www.cve.org/CVERecord?id=CVE-2023-23918	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23918	external
https://access.redhat.com/security/cve/CVE-2023-23920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://www.cve.org/CVERecord?id=CVE-2023-23920	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23920	external

Acknowledgments

VVX7

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1742",
        "url": "https://access.redhat.com/errata/RHSA-2023:1742"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2040839",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839"
      },
      {
        "category": "external",
        "summary": "2040846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846"
      },
      {
        "category": "external",
        "summary": "2040856",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856"
      },
      {
        "category": "external",
        "summary": "2040862",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862"
      },
      {
        "category": "external",
        "summary": "2044591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
      },
      {
        "category": "external",
        "summary": "2066009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
      },
      {
        "category": "external",
        "summary": "2130518",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
      },
      {
        "category": "external",
        "summary": "2134609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
      },
      {
        "category": "external",
        "summary": "2140911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
      },
      {
        "category": "external",
        "summary": "2142822",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142822"
      },
      {
        "category": "external",
        "summary": "2150323",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2168631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
      },
      {
        "category": "external",
        "summary": "2170644",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
      },
      {
        "category": "external",
        "summary": "2171935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
      },
      {
        "category": "external",
        "summary": "2172217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
      },
      {
        "category": "external",
        "summary": "2175827",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175827"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1742.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T02:55:25+00:00",
      "generator": {
        "date": "2026-06-25T02:55:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:1742",
      "initial_release_date": "2023-04-12T15:04:47+00:00",
      "revision_history": [
        {
          "date": "2023-04-12T15:04:47+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-04-12T15:04:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T02:55:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
                  "product_id": "AppStream-8.6.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14)",
                  "product_id": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14"
        },
        "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
          "product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2021-44531",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2022-01-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2040839"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: Improper handling of URI Subject Alternative Names",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44531"
        },
        {
          "category": "external",
          "summary": "RHBZ#2040839",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
        }
      ],
      "release_date": "2022-01-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: Improper handling of URI Subject Alternative Names"
    },
    {
      "cve": "CVE-2021-44532",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2022-01-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2040846"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: Certificate Verification Bypass via String Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44532"
        },
        {
          "category": "external",
          "summary": "RHBZ#2040846",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
        }
      ],
      "release_date": "2022-01-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: Certificate Verification Bypass via String Injection"
    },
    {
      "cve": "CVE-2021-44533",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2022-01-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2040856"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: Incorrect handling of certificate subject and issuer fields",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44533"
        },
        {
          "category": "external",
          "summary": "RHBZ#2040856",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
        }
      ],
      "release_date": "2022-01-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: Incorrect handling of certificate subject and issuer fields"
    },
    {
      "cve": "CVE-2021-44906",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2066009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimist: prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2066009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
        }
      ],
      "release_date": "2022-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimist: prototype pollution"
    },
    {
      "cve": "CVE-2022-0235",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2022-01-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2044591"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-fetch: exposure of sensitive information to an unauthorized actor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "RHBZ#2044591",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
          "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
        }
      ],
      "release_date": "2022-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-fetch: exposure of sensitive information to an unauthorized actor"
    },
    {
      "cve": "CVE-2022-3517",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2022-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134609"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-minimatch: ReDoS via the braceExpand function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134609",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
        }
      ],
      "release_date": "2022-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-minimatch: ReDoS via the braceExpand function"
    },
    {
      "cve": "CVE-2022-4904",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2023-02-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2168631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2168631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/issues/496",
          "url": "https://github.com/c-ares/c-ares/issues/496"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
    },
    {
      "cve": "CVE-2022-21824",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2022-01-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2040862"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: Prototype pollution via console.table properties",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21824"
        },
        {
          "category": "external",
          "summary": "RHBZ#2040862",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
        }
      ],
      "release_date": "2022-01-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs: Prototype pollution via console.table properties"
    },
    {
      "cve": "CVE-2022-24999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150323"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "express: \"qs\" prototype poisoning causes the hang of the node process",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150323",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
          "url": "https://github.com/expressjs/express/releases/tag/4.17.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/pull/428",
          "url": "https://github.com/ljharb/qs/pull/428"
        },
        {
          "category": "external",
          "summary": "https://github.com/n8tz/CVE-2022-24999",
          "url": "https://github.com/n8tz/CVE-2022-24999"
        }
      ],
      "release_date": "2022-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "express: \"qs\" prototype poisoning causes the hang of the node process"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "VVX7"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-35256",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-09-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2130518"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-35256"
        },
        {
          "category": "external",
          "summary": "RHBZ#2130518",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256",
          "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256"
        }
      ],
      "release_date": "2022-09-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields"
    },
    {
      "cve": "CVE-2022-38900",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2170644"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "decode-uri-component: improper input validation resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "RHBZ#2170644",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
          "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
          "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
        }
      ],
      "release_date": "2022-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "decode-uri-component: improper input validation resulting in DoS"
    },
    {
      "cve": "CVE-2022-43548",
      "cwe": {
        "id": "CWE-350",
        "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
      },
      "discovery_date": "2022-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140911"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: DNS rebinding in inspect via invalid octal IP address",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Redhat has marked this vulnerability as moderate for two primary reasons.\n1. The vulnerable inspect functionality might not be enabled, exposed, or reachable in many deployments.\n\n2.The code path might require very specific configurations or conditions (e.g. DNS rebinding, certain host/IP setups) that are rare in default environments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140911",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548",
          "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548"
        }
      ],
      "release_date": "2022-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: DNS rebinding in inspect via invalid octal IP address"
    },
    {
      "cve": "CVE-2023-23918",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Permissions policies can be bypassed via process.mainModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        },
        {
          "category": "workaround",
          "details": "Turn off the --experimental-policy in your Node.js deployment.",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Permissions policies can be bypassed via process.mainModule"
    },
    {
      "cve": "CVE-2023-23920",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
          "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:04:47+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1742"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
            "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
    }
  ]
}

RHSA-2023:1743

Vulnerability from csaf_redhat - Published: 2023-04-12 15:03 - Updated: 2026-06-25 02:55

Summary

Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

Severity

Important

Notes

Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-3517

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4904

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-25881

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38900

A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-23918

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-23920

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWE-426 - Untrusted Search Path

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

References

43 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1743	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2175826	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2022-3517	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://www.cve.org/CVERecord?id=CVE-2022-3517	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3517	external
https://access.redhat.com/security/cve/CVE-2022-4904	self
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://www.cve.org/CVERecord?id=CVE-2022-4904	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4904	external
https://github.com/c-ares/c-ares/issues/496	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2022-38900	self
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://www.cve.org/CVERecord?id=CVE-2022-38900	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38900	external
https://github.com/SamVerschueren/decode-uri-comp…	external
https://github.com/advisories/GHSA-w573-4hg7-7wgq	external
https://access.redhat.com/security/cve/CVE-2023-23918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://www.cve.org/CVERecord?id=CVE-2023-23918	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23918	external
https://access.redhat.com/security/cve/CVE-2023-23920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://www.cve.org/CVERecord?id=CVE-2023-23920	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23920	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1743",
        "url": "https://access.redhat.com/errata/RHSA-2023:1743"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2134609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2168631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
      },
      {
        "category": "external",
        "summary": "2170644",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
      },
      {
        "category": "external",
        "summary": "2171935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
      },
      {
        "category": "external",
        "summary": "2172217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
      },
      {
        "category": "external",
        "summary": "2175826",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175826"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1743.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T02:55:26+00:00",
      "generator": {
        "date": "2026-06-25T02:55:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:1743",
      "initial_release_date": "2023-04-12T15:03:07+00:00",
      "revision_history": [
        {
          "date": "2023-04-12T15:03:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-04-12T15:03:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T02:55:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.7.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=src\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch (nodejs:14)",
                  "product_id": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=noarch\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14)",
                  "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14)",
                  "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8070020230306170042:bd1311ed"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14"
        },
        "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:03:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1743"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2022-3517",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2022-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134609"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-minimatch: ReDoS via the braceExpand function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134609",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
        }
      ],
      "release_date": "2022-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:03:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1743"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-minimatch: ReDoS via the braceExpand function"
    },
    {
      "cve": "CVE-2022-4904",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2023-02-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2168631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2168631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/issues/496",
          "url": "https://github.com/c-ares/c-ares/issues/496"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:03:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1743"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:03:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1743"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "cve": "CVE-2022-38900",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2170644"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "decode-uri-component: improper input validation resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "RHBZ#2170644",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
          "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
          "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
        }
      ],
      "release_date": "2022-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:03:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1743"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "decode-uri-component: improper input validation resulting in DoS"
    },
    {
      "cve": "CVE-2023-23918",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Permissions policies can be bypassed via process.mainModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:03:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1743"
        },
        {
          "category": "workaround",
          "details": "Turn off the --experimental-policy in your Node.js deployment.",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Permissions policies can be bypassed via process.mainModule"
    },
    {
      "cve": "CVE-2023-23920",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
          "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-12T15:03:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1743"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x::nodejs:14",
            "AppStream-8.7.0.Z.MAIN:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
    }
  ]
}

RHSA-2023:2654

Vulnerability from csaf_redhat - Published: 2023-05-09 11:51 - Updated: 2026-06-25 02:55

Summary

Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

Severity

Moderate

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4904

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-25881

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23918

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-23919

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-23920

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWE-426 - Untrusted Search Path

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-23936

A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-24807

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18	—	Vendor Fix fix

Threats

Impact Low

References

46 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:2654	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172170	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2178088	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2022-4904	self
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://www.cve.org/CVERecord?id=CVE-2022-4904	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4904	external
https://github.com/c-ares/c-ares/issues/496	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2023-23918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://www.cve.org/CVERecord?id=CVE-2023-23918	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23918	external
https://access.redhat.com/security/cve/CVE-2023-23919	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172170	external
https://www.cve.org/CVERecord?id=CVE-2023-23919	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23919	external
https://access.redhat.com/security/cve/CVE-2023-23920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://www.cve.org/CVERecord?id=CVE-2023-23920	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23920	external
https://access.redhat.com/security/cve/CVE-2023-23936	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://www.cve.org/CVERecord?id=CVE-2023-23936	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23936	external
https://access.redhat.com/security/cve/CVE-2023-24807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://www.cve.org/CVERecord?id=CVE-2023-24807	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24807	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (18.14.2).\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)\n\n* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\n* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:2654",
        "url": "https://access.redhat.com/errata/RHSA-2023:2654"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2168631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
      },
      {
        "category": "external",
        "summary": "2171935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
      },
      {
        "category": "external",
        "summary": "2172170",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172170"
      },
      {
        "category": "external",
        "summary": "2172190",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
      },
      {
        "category": "external",
        "summary": "2172204",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
      },
      {
        "category": "external",
        "summary": "2172217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
      },
      {
        "category": "external",
        "summary": "2178088",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178088"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2654.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T02:55:26+00:00",
      "generator": {
        "date": "2026-06-25T02:55:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:2654",
      "initial_release_date": "2023-05-09T11:51:08+00:00",
      "revision_history": [
        {
          "date": "2023-05-09T11:51:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-05-09T11:51:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T02:55:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.2.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=src\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=noarch\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.14.2-2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18)",
                  "product_id": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.5.0-1.18.14.2.2.module%2Bel9.2.0.z%2B18497%2Ba402347c?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020230327152102:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2022-4904",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2023-02-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2168631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2168631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/issues/496",
          "url": "https://github.com/c-ares/c-ares/issues/496"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "cve": "CVE-2023-23918",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Permissions policies can be bypassed via process.mainModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        },
        {
          "category": "workaround",
          "details": "Turn off the --experimental-policy in your Node.js deployment.",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Permissions policies can be bypassed via process.mainModule"
    },
    {
      "cve": "CVE-2023-23919",
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172170"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: OpenSSL error handling issues in nodejs crypto library",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability has been rated as moderate by Redhat for several reasons,first and foremost being that in order for the stack to crash,same thread would have to be used by the application which is a complexity outside the hands of attacker because in node.js workloads may be isolated or not happen sequentially on the same thread, reducing exposure,moreover the exploitation might lead to denial of service and poses no threat to confidentiality or integrity of the system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23919"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172170",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172170"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: OpenSSL error handling issues in nodejs crypto library"
    },
    {
      "cve": "CVE-2023-23920",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
    },
    {
      "cve": "CVE-2023-23936",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172190"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the \u0027host\u0027 header. This issue could allow HTTP response splitting and HTTP header injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Fetch API did not protect against CRLF injection in host headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172190",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Fetch API did not protect against CRLF injection in host headers"
    },
    {
      "cve": "CVE-2023-24807",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172204"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Regular Expression Denial of Service in Headers fetch API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172204",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2654"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-devel-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.14.2-2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-2.module+el9.2.0.z+18497+a402347c.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.s390x::nodejs:18",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: Regular Expression Denial of Service in Headers fetch API"
    }
  ]
}

RHSA-2023:2655

Vulnerability from csaf_redhat - Published: 2023-05-09 11:51 - Updated: 2026-06-25 02:55

Summary

Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

Severity

Moderate

Notes

Topic: An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.19.1), nodejs-nodemon (2.0.20). Security Fix(es): * c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904) * http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881) * Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918) * Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936) * Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920) * Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 36 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4904

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch		—
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src		—

Threats

Impact Moderate

CVE-2022-25881

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch		—
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src		—

Threats

Impact Moderate

CVE-2023-23918

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64	—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch		—	Workaround
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src		—	Workaround

Threats

Impact Moderate

CVE-2023-23920

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWE-426 - Untrusted Search Path

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch		—
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src		—

Threats

Impact Low

CVE-2023-23936

A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch		—
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src		—

Threats

Impact Moderate

CVE-2023-24807

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch		—
Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src		—

Threats

Impact Low

References

40 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:2655	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2178076	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2022-4904	self
https://bugzilla.redhat.com/show_bug.cgi?id=2168631	external
https://www.cve.org/CVERecord?id=CVE-2022-4904	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4904	external
https://github.com/c-ares/c-ares/issues/496	external
https://access.redhat.com/security/cve/CVE-2022-25881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2165824	external
https://www.cve.org/CVERecord?id=CVE-2022-25881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25881	external
https://access.redhat.com/security/cve/CVE-2023-23918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2171935	external
https://www.cve.org/CVERecord?id=CVE-2023-23918	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23918	external
https://access.redhat.com/security/cve/CVE-2023-23920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172217	external
https://www.cve.org/CVERecord?id=CVE-2023-23920	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23920	external
https://access.redhat.com/security/cve/CVE-2023-23936	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172190	external
https://www.cve.org/CVERecord?id=CVE-2023-23936	external
https://nvd.nist.gov/vuln/detail/CVE-2023-23936	external
https://access.redhat.com/security/cve/CVE-2023-24807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172204	external
https://www.cve.org/CVERecord?id=CVE-2023-24807	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24807	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.19.1), nodejs-nodemon (2.0.20).\n\nSecurity Fix(es):\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\n* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:2655",
        "url": "https://access.redhat.com/errata/RHSA-2023:2655"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2165824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
      },
      {
        "category": "external",
        "summary": "2168631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
      },
      {
        "category": "external",
        "summary": "2171935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
      },
      {
        "category": "external",
        "summary": "2172190",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
      },
      {
        "category": "external",
        "summary": "2172204",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
      },
      {
        "category": "external",
        "summary": "2172217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
      },
      {
        "category": "external",
        "summary": "2178076",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178076"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2655.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T02:55:27+00:00",
      "generator": {
        "date": "2026-06-25T02:55:27+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2023:2655",
      "initial_release_date": "2023-05-09T11:51:16+00:00",
      "revision_history": [
        {
          "date": "2023-05-09T11:51:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-05-09T11:51:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T02:55:27+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.2.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.el9_2.src",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.el9_2.src",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.el9_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.el9_2?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.el9_2.src",
                "product": {
                  "name": "nodejs-1:16.19.1-1.el9_2.src",
                  "product_id": "nodejs-1:16.19.1-1.el9_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
                  "product_id": "nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.el9_2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-docs-1:16.19.1-1.el9_2.noarch",
                "product": {
                  "name": "nodejs-docs-1:16.19.1-1.el9_2.noarch",
                  "product_id": "nodejs-docs-1:16.19.1-1.el9_2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.el9_2.aarch64",
                "product": {
                  "name": "nodejs-1:16.19.1-1.el9_2.aarch64",
                  "product_id": "nodejs-1:16.19.1-1.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.19.1-1.el9_2.aarch64",
                "product": {
                  "name": "nodejs-libs-1:16.19.1-1.el9_2.aarch64",
                  "product_id": "nodejs-libs-1:16.19.1-1.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.el9_2?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.el9_2?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
                  "product_id": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.19.1-1.el9_2?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.el9_2.ppc64le",
                "product": {
                  "name": "nodejs-1:16.19.1-1.el9_2.ppc64le",
                  "product_id": "nodejs-1:16.19.1-1.el9_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
                "product": {
                  "name": "nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
                  "product_id": "nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.el9_2?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.el9_2?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
                  "product_id": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.19.1-1.el9_2?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.el9_2.x86_64",
                "product": {
                  "name": "nodejs-1:16.19.1-1.el9_2.x86_64",
                  "product_id": "nodejs-1:16.19.1-1.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.19.1-1.el9_2.x86_64",
                "product": {
                  "name": "nodejs-libs-1:16.19.1-1.el9_2.x86_64",
                  "product_id": "nodejs-libs-1:16.19.1-1.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.el9_2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.el9_2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
                  "product_id": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.19.1-1.el9_2?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.19.1-1.el9_2.i686",
                "product": {
                  "name": "nodejs-libs-1:16.19.1-1.el9_2.i686",
                  "product_id": "nodejs-libs-1:16.19.1-1.el9_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.el9_2.i686",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.el9_2.i686",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.el9_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.el9_2?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.el9_2?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
                  "product_id": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.19.1-1.el9_2?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.19.1-1.el9_2.s390x",
                "product": {
                  "name": "nodejs-1:16.19.1-1.el9_2.s390x",
                  "product_id": "nodejs-1:16.19.1-1.el9_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
                  "product_id": "nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.19.1-1.el9_2.s390x",
                "product": {
                  "name": "nodejs-libs-1:16.19.1-1.el9_2.s390x",
                  "product_id": "nodejs-libs-1:16.19.1-1.el9_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
                "product": {
                  "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
                  "product_id": "npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
                  "product_id": "nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.19.1-1.el9_2?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
                  "product_id": "nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.19.1-1.el9_2?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
                  "product_id": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.19.1-1.el9_2?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64"
        },
        "product_reference": "nodejs-1:16.19.1-1.el9_2.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le"
        },
        "product_reference": "nodejs-1:16.19.1-1.el9_2.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x"
        },
        "product_reference": "nodejs-1:16.19.1-1.el9_2.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src"
        },
        "product_reference": "nodejs-1:16.19.1-1.el9_2.src",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.19.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64"
        },
        "product_reference": "nodejs-1:16.19.1-1.el9_2.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.el9_2.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.19.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:16.19.1-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch"
        },
        "product_reference": "nodejs-docs-1:16.19.1-1.el9_2.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.19.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64"
        },
        "product_reference": "nodejs-libs-1:16.19.1-1.el9_2.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.19.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686"
        },
        "product_reference": "nodejs-libs-1:16.19.1-1.el9_2.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.19.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le"
        },
        "product_reference": "nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.19.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x"
        },
        "product_reference": "nodejs-libs-1:16.19.1-1.el9_2.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.19.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64"
        },
        "product_reference": "nodejs-libs-1:16.19.1-1.el9_2.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.20-3.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
        },
        "product_reference": "nodejs-nodemon-0:2.0.20-3.el9_2.src",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        },
        "product_reference": "npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2022-4904",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2023-02-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2168631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2168631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/issues/496",
          "url": "https://github.com/c-ares/c-ares/issues/496"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
    },
    {
      "cve": "CVE-2022-25881",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2165824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2165824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
    },
    {
      "cve": "CVE-2023-23918",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Permissions policies can be bypassed via process.mainModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2655"
        },
        {
          "category": "workaround",
          "details": "Turn off the --experimental-policy in your Node.js deployment.",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Permissions policies can be bypassed via process.mainModule"
    },
    {
      "cve": "CVE-2023-23920",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172217"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172217",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
    },
    {
      "cve": "CVE-2023-23936",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172190"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the \u0027host\u0027 header. This issue could allow HTTP response splitting and HTTP header injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Fetch API did not protect against CRLF injection in host headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172190",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172190"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Node.js: Fetch API did not protect against CRLF injection in host headers"
    },
    {
      "cve": "CVE-2023-24807",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172204"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Node.js: Regular Expression Denial of Service in Headers fetch API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172204",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172204"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
        }
      ],
      "release_date": "2023-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-09T11:51:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-debugsource-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-docs-1:16.19.1-1.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.i686",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.19.1-1.el9_2.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.20-3.el9_2.src",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:npm-1:8.19.3-1.16.19.1.1.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Node.js: Regular Expression Denial of Service in Headers fetch API"
    }
  ]
}

RHSA-2023_0612

Vulnerability from csaf_redhat - Published: 2023-02-06 19:42 - Updated: 2024-12-17 23:01

Summary

Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update

Severity

Moderate

Notes

Topic: An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.1), rh-nodejs14-nodejs-nodemon (2.0.20). (BZ#2129806, BZ#2135519, BZ#2135520, BZ#2141022) Security Fix(es): * glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * minimist: prototype pollution (CVE-2021-44906) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) * express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999) * nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh-nodejs14-nodejs: Provide full-i18n subpackage (BZ#2009880)

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 38 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44906

An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 38 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-0235

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 38 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-3517

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 38 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-24999

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 38 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-43548

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

Affected products

Fixed 38 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

42 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:0612	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2009880	external
https://bugzilla.redhat.com/show_bug.cgi?id=2044591	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129806	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140911	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2021-44906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://www.cve.org/CVERecord?id=CVE-2021-44906	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44906	external
https://github.com/advisories/GHSA-xvch-5gv4-984h	external
https://access.redhat.com/security/cve/CVE-2022-0235	self
https://bugzilla.redhat.com/show_bug.cgi?id=2044591	external
https://www.cve.org/CVERecord?id=CVE-2022-0235	external
https://nvd.nist.gov/vuln/detail/CVE-2022-0235	external
https://huntr.dev/bounties/d26ab655-38d6-48b3-be1…	external
https://access.redhat.com/security/cve/CVE-2022-3517	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134609	external
https://www.cve.org/CVERecord?id=CVE-2022-3517	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3517	external
https://access.redhat.com/security/cve/CVE-2022-24999	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://www.cve.org/CVERecord?id=CVE-2022-24999	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24999	external
https://github.com/expressjs/express/releases/tag…	external
https://github.com/ljharb/qs/pull/428	external
https://github.com/n8tz/CVE-2022-24999	external
https://access.redhat.com/security/cve/CVE-2022-43548	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140911	external
https://www.cve.org/CVERecord?id=CVE-2022-43548	external
https://nvd.nist.gov/vuln/detail/CVE-2022-43548	external
https://nodejs.org/en/blog/vulnerability/november…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.1), rh-nodejs14-nodejs-nodemon (2.0.20). (BZ#2129806, BZ#2135519, BZ#2135520, BZ#2141022)\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rh-nodejs14-nodejs: Provide full-i18n subpackage (BZ#2009880)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0612",
        "url": "https://access.redhat.com/errata/RHSA-2023:0612"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2009880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009880"
      },
      {
        "category": "external",
        "summary": "2044591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
      },
      {
        "category": "external",
        "summary": "2066009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
      },
      {
        "category": "external",
        "summary": "2129806",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129806"
      },
      {
        "category": "external",
        "summary": "2134609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
      },
      {
        "category": "external",
        "summary": "2140911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
      },
      {
        "category": "external",
        "summary": "2150323",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0612.json"
      }
    ],
    "title": "Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update",
    "tracking": {
      "current_release_date": "2024-12-17T23:01:00+00:00",
      "generator": {
        "date": "2024-12-17T23:01:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2023:0612",
      "initial_release_date": "2023-02-06T19:42:24+00:00",
      "revision_history": [
        {
          "date": "2023-02-06T19:42:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-02-06T19:42:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T23:01:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
                "product": {
                  "name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
                  "product_id": "7Server-RHSCL-3.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for RHEL(v. 7)",
                "product": {
                  "name": "Red Hat Software Collections for RHEL(v. 7)",
                  "product_id": "7Workstation-RHSCL-3.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Software Collections"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
                "product": {
                  "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
                  "product_id": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.20-2.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
                "product": {
                  "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
                  "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
                "product": {
                  "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
                  "product_id": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.20-2.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
                "product": {
                  "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
                  "product_id": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-docs@14.21.1-3.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
                "product": {
                  "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
                  "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
                "product": {
                  "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
                  "product_id": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.1-3.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
                "product": {
                  "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
                  "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.1-3.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
                "product": {
                  "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
                  "product_id": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.21.1.3.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
                "product": {
                  "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
                  "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.1-3.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
                "product": {
                  "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
                  "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
                "product": {
                  "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
                  "product_id": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.1-3.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
                "product": {
                  "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
                  "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.1-3.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
                "product": {
                  "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
                  "product_id": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.21.1.3.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
                "product": {
                  "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
                  "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.1-3.el7?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
                "product": {
                  "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
                  "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
                "product": {
                  "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
                  "product_id": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.1-3.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
                "product": {
                  "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
                  "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.1-3.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
                "product": {
                  "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
                  "product_id": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.21.1.3.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
                "product": {
                  "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
                  "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.1-3.el7?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch"
        },
        "product_reference": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch"
        },
        "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src"
        },
        "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
          "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch"
        },
        "product_reference": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch"
        },
        "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src"
        },
        "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le"
        },
        "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x"
        },
        "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
          "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        },
        "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-3.8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-06T19:42:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0612"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2021-44906",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2066009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimist: prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2066009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
        }
      ],
      "release_date": "2022-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-06T19:42:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0612"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimist: prototype pollution"
    },
    {
      "cve": "CVE-2022-0235",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2022-01-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2044591"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-fetch: exposure of sensitive information to an unauthorized actor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "RHBZ#2044591",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
          "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
        }
      ],
      "release_date": "2022-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-06T19:42:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0612"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-fetch: exposure of sensitive information to an unauthorized actor"
    },
    {
      "cve": "CVE-2022-3517",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2022-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134609"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-minimatch: ReDoS via the braceExpand function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134609",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
        }
      ],
      "release_date": "2022-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-06T19:42:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0612"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-minimatch: ReDoS via the braceExpand function"
    },
    {
      "cve": "CVE-2022-24999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150323"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "express: \"qs\" prototype poisoning causes the hang of the node process",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150323",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
          "url": "https://github.com/expressjs/express/releases/tag/4.17.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/pull/428",
          "url": "https://github.com/ljharb/qs/pull/428"
        },
        {
          "category": "external",
          "summary": "https://github.com/n8tz/CVE-2022-24999",
          "url": "https://github.com/n8tz/CVE-2022-24999"
        }
      ],
      "release_date": "2022-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-06T19:42:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0612"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "express: \"qs\" prototype poisoning causes the hang of the node process"
    },
    {
      "cve": "CVE-2022-43548",
      "cwe": {
        "id": "CWE-350",
        "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
      },
      "discovery_date": "2022-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140911"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: DNS rebinding in inspect via invalid octal IP address",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
          "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
          "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140911",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548",
          "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548"
        }
      ],
      "release_date": "2022-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-06T19:42:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0612"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch",
            "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x",
            "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: DNS rebinding in inspect via invalid octal IP address"
    }
  ]
}

RHSA-2023_0634

Vulnerability from csaf_redhat - Published: 2023-02-09 14:01 - Updated: 2024-12-17 22:09

Summary

Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

Severity

Moderate

Notes

Topic: Logging Subsystem 5.6.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Logging Subsystem 5.6.1 - Red Hat OpenShift Security Fix(es): * glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64	—	Vendor Fix fix

Known not affected 59 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le		—

Threats

Impact Moderate

CVE-2022-46175

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64	—	Vendor Fix fix

Known not affected 59 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64		—
Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le		—

Threats

Impact Moderate

References

22 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:0634	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://issues.redhat.com/browse/LOG-3397	external
https://issues.redhat.com/browse/LOG-3441	external
https://issues.redhat.com/browse/LOG-3463	external
https://issues.redhat.com/browse/LOG-3477	external
https://issues.redhat.com/browse/LOG-3494	external
https://issues.redhat.com/browse/LOG-3496	external
https://issues.redhat.com/browse/LOG-3510	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2022-46175	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://www.cve.org/CVERecord?id=CVE-2022-46175	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46175	external
https://github.com/json5/json5/security/advisorie…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Logging Subsystem 5.6.1 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Logging Subsystem 5.6.1 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0634",
        "url": "https://access.redhat.com/errata/RHSA-2023:0634"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2156263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "LOG-3397",
        "url": "https://issues.redhat.com/browse/LOG-3397"
      },
      {
        "category": "external",
        "summary": "LOG-3441",
        "url": "https://issues.redhat.com/browse/LOG-3441"
      },
      {
        "category": "external",
        "summary": "LOG-3463",
        "url": "https://issues.redhat.com/browse/LOG-3463"
      },
      {
        "category": "external",
        "summary": "LOG-3477",
        "url": "https://issues.redhat.com/browse/LOG-3477"
      },
      {
        "category": "external",
        "summary": "LOG-3494",
        "url": "https://issues.redhat.com/browse/LOG-3494"
      },
      {
        "category": "external",
        "summary": "LOG-3496",
        "url": "https://issues.redhat.com/browse/LOG-3496"
      },
      {
        "category": "external",
        "summary": "LOG-3510",
        "url": "https://issues.redhat.com/browse/LOG-3510"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0634.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update",
    "tracking": {
      "current_release_date": "2024-12-17T22:09:54+00:00",
      "generator": {
        "date": "2024-12-17T22:09:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2023:0634",
      "initial_release_date": "2023-02-09T14:01:04+00:00",
      "revision_history": [
        {
          "date": "2023-02-09T14:01:04+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-02-09T14:01:04+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:09:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHOL 5.6 for RHEL 8",
                "product": {
                  "name": "RHOL 5.6 for RHEL 8",
                  "product_id": "8Base-RHOL-5.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "logging for Red Hat OpenShift"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
                  "product_id": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
                  "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
                  "product_id": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
                "product": {
                  "name": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
                  "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.6.1-40"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.6.1-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
                  "product_id": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64",
                "product": {
                  "name": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64",
                  "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
                "product": {
                  "name": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
                  "product_id": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.6.1-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
                  "product_id": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
                "product": {
                  "name": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
                  "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x"
        },
        "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le"
        },
        "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64"
        },
        "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64"
        },
        "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64"
        },
        "product_reference": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le as a component of RHOL 5.6 for RHEL 8",
          "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-09T14:01:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0634"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2022-46175",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json5: Prototype Pollution in JSON5 via Parse Method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
          "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
          "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
          "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
          "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
          "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
          "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
          "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
          "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
        }
      ],
      "release_date": "2022-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-09T14:01:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0634"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x",
            "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
            "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64",
            "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64",
            "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x",
            "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
            "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
            "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    }
  ]
}

RHSA-2023_0934

Vulnerability from csaf_redhat - Published: 2023-02-28 00:50 - Updated: 2024-12-17 23:01

Summary

Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Severity

Important

Notes

Topic: Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Migration Toolkit for Applications 6.0.1 Images Security Fix(es) from Bugzilla: * loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601) * Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) * gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567) * glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999) * loader-utils:Regular expression denial of service (CVE-2022-37603) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-36567

A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-117 - Improper Output Neutralization for Logs

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64	—	Vendor Fix fix

Known not affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—

Threats

Impact Moderate

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64		—

Threats

Impact Moderate

CVE-2022-24999

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64		—

Threats

Impact Moderate

CVE-2022-37601

A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64		—

Threats

Impact Moderate

CVE-2022-37603

A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-185 - Incorrect Regular Expression

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64		—

Threats

Impact Moderate

CVE-2022-41717

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64	—	Vendor Fix fix

Known not affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—

Threats

Impact Moderate

CVE-2022-42920

An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64		—

Threats

Impact Important

CVE-2022-46175

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64		—
Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64		—

Threats

Impact Moderate

References

80 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:0934	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134876	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156683	external
https://bugzilla.redhat.com/show_bug.cgi?id=2161274	external
https://issues.redhat.com/browse/MTA-103	external
https://issues.redhat.com/browse/MTA-106	external
https://issues.redhat.com/browse/MTA-122	external
https://issues.redhat.com/browse/MTA-123	external
https://issues.redhat.com/browse/MTA-127	external
https://issues.redhat.com/browse/MTA-131	external
https://issues.redhat.com/browse/MTA-36	external
https://issues.redhat.com/browse/MTA-44	external
https://issues.redhat.com/browse/MTA-49	external
https://issues.redhat.com/browse/MTA-59	external
https://issues.redhat.com/browse/MTA-65	external
https://issues.redhat.com/browse/MTA-72	external
https://issues.redhat.com/browse/MTA-73	external
https://issues.redhat.com/browse/MTA-74	external
https://issues.redhat.com/browse/MTA-76	external
https://issues.redhat.com/browse/MTA-77	external
https://issues.redhat.com/browse/MTA-80	external
https://issues.redhat.com/browse/MTA-82	external
https://issues.redhat.com/browse/MTA-85	external
https://issues.redhat.com/browse/MTA-88	external
https://issues.redhat.com/browse/MTA-92	external
https://issues.redhat.com/browse/MTA-96	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-36567	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156683	external
https://www.cve.org/CVERecord?id=CVE-2020-36567	external
https://nvd.nist.gov/vuln/detail/CVE-2020-36567	external
https://github.com/gin-gonic/gin/commit/a71af9c14…	external
https://github.com/gin-gonic/gin/pull/2237	external
https://pkg.go.dev/vuln/GO-2020-0001	external
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2022-24999	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150323	external
https://www.cve.org/CVERecord?id=CVE-2022-24999	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24999	external
https://github.com/expressjs/express/releases/tag…	external
https://github.com/ljharb/qs/pull/428	external
https://github.com/n8tz/CVE-2022-24999	external
https://access.redhat.com/security/cve/CVE-2022-37601	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134876	external
https://www.cve.org/CVERecord?id=CVE-2022-37601	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37601	external
https://github.com/webpack/loader-utils/issues/212	external
https://access.redhat.com/security/cve/CVE-2022-37603	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://www.cve.org/CVERecord?id=CVE-2022-37603	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37603	external
https://access.redhat.com/security/cve/CVE-2022-41717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2161274	external
https://www.cve.org/CVERecord?id=CVE-2022-41717	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41717	external
https://go.dev/cl/455635	external
https://go.dev/cl/455717	external
https://go.dev/issue/56350	external
https://groups.google.com/g/golang-announce/c/L_3…	external
https://pkg.go.dev/vuln/GO-2022-1144	external
https://access.redhat.com/security/cve/CVE-2022-42920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://www.cve.org/CVERecord?id=CVE-2022-42920	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42920	external
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm…	external
https://access.redhat.com/security/cve/CVE-2022-46175	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://www.cve.org/CVERecord?id=CVE-2022-46175	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46175	external
https://github.com/json5/json5/security/advisorie…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Applications 6.0.1 release\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Applications 6.0.1 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0934",
        "url": "https://access.redhat.com/errata/RHSA-2023:0934"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2134876",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
      },
      {
        "category": "external",
        "summary": "2140597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
      },
      {
        "category": "external",
        "summary": "2142707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
      },
      {
        "category": "external",
        "summary": "2150323",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
      },
      {
        "category": "external",
        "summary": "2156263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2156683",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
      },
      {
        "category": "external",
        "summary": "2161274",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
      },
      {
        "category": "external",
        "summary": "MTA-103",
        "url": "https://issues.redhat.com/browse/MTA-103"
      },
      {
        "category": "external",
        "summary": "MTA-106",
        "url": "https://issues.redhat.com/browse/MTA-106"
      },
      {
        "category": "external",
        "summary": "MTA-122",
        "url": "https://issues.redhat.com/browse/MTA-122"
      },
      {
        "category": "external",
        "summary": "MTA-123",
        "url": "https://issues.redhat.com/browse/MTA-123"
      },
      {
        "category": "external",
        "summary": "MTA-127",
        "url": "https://issues.redhat.com/browse/MTA-127"
      },
      {
        "category": "external",
        "summary": "MTA-131",
        "url": "https://issues.redhat.com/browse/MTA-131"
      },
      {
        "category": "external",
        "summary": "MTA-36",
        "url": "https://issues.redhat.com/browse/MTA-36"
      },
      {
        "category": "external",
        "summary": "MTA-44",
        "url": "https://issues.redhat.com/browse/MTA-44"
      },
      {
        "category": "external",
        "summary": "MTA-49",
        "url": "https://issues.redhat.com/browse/MTA-49"
      },
      {
        "category": "external",
        "summary": "MTA-59",
        "url": "https://issues.redhat.com/browse/MTA-59"
      },
      {
        "category": "external",
        "summary": "MTA-65",
        "url": "https://issues.redhat.com/browse/MTA-65"
      },
      {
        "category": "external",
        "summary": "MTA-72",
        "url": "https://issues.redhat.com/browse/MTA-72"
      },
      {
        "category": "external",
        "summary": "MTA-73",
        "url": "https://issues.redhat.com/browse/MTA-73"
      },
      {
        "category": "external",
        "summary": "MTA-74",
        "url": "https://issues.redhat.com/browse/MTA-74"
      },
      {
        "category": "external",
        "summary": "MTA-76",
        "url": "https://issues.redhat.com/browse/MTA-76"
      },
      {
        "category": "external",
        "summary": "MTA-77",
        "url": "https://issues.redhat.com/browse/MTA-77"
      },
      {
        "category": "external",
        "summary": "MTA-80",
        "url": "https://issues.redhat.com/browse/MTA-80"
      },
      {
        "category": "external",
        "summary": "MTA-82",
        "url": "https://issues.redhat.com/browse/MTA-82"
      },
      {
        "category": "external",
        "summary": "MTA-85",
        "url": "https://issues.redhat.com/browse/MTA-85"
      },
      {
        "category": "external",
        "summary": "MTA-88",
        "url": "https://issues.redhat.com/browse/MTA-88"
      },
      {
        "category": "external",
        "summary": "MTA-92",
        "url": "https://issues.redhat.com/browse/MTA-92"
      },
      {
        "category": "external",
        "summary": "MTA-96",
        "url": "https://issues.redhat.com/browse/MTA-96"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0934.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update",
    "tracking": {
      "current_release_date": "2024-12-17T23:01:30+00:00",
      "generator": {
        "date": "2024-12-17T23:01:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2023:0934",
      "initial_release_date": "2023-02-28T00:50:28+00:00",
      "revision_history": [
        {
          "date": "2023-02-28T00:50:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-02-28T23:46:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T23:01:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "MTA 6.0 for RHEL 8",
                "product": {
                  "name": "MTA 6.0 for RHEL 8",
                  "product_id": "8Base-MTA-6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Applications"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
                "product": {
                  "name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
                  "product_id": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-admin-addon-rhel8\u0026tag=6.0.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
                "product": {
                  "name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
                  "product_id": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel8\u0026tag=6.0.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
                "product": {
                  "name": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
                  "product_id": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=6.0.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
                "product": {
                  "name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
                  "product_id": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel8\u0026tag=6.0.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
                "product": {
                  "name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
                  "product_id": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel8\u0026tag=6.0.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
                "product": {
                  "name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
                  "product_id": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel8\u0026tag=6.0.1-9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 as a component of MTA 6.0 for RHEL 8",
          "product_id": "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64"
        },
        "product_reference": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
        "relates_to_product_reference": "8Base-MTA-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 as a component of MTA 6.0 for RHEL 8",
          "product_id": "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64"
        },
        "product_reference": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
        "relates_to_product_reference": "8Base-MTA-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 as a component of MTA 6.0 for RHEL 8",
          "product_id": "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64"
        },
        "product_reference": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
        "relates_to_product_reference": "8Base-MTA-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64 as a component of MTA 6.0 for RHEL 8",
          "product_id": "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64"
        },
        "product_reference": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
        "relates_to_product_reference": "8Base-MTA-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 as a component of MTA 6.0 for RHEL 8",
          "product_id": "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        },
        "product_reference": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
        "relates_to_product_reference": "8Base-MTA-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 as a component of MTA 6.0 for RHEL 8",
          "product_id": "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        },
        "product_reference": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
        "relates_to_product_reference": "8Base-MTA-6.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36567",
      "cwe": {
        "id": "CWE-117",
        "name": "Improper Output Neutralization for Logs"
      },
      "discovery_date": "2022-12-28T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156683"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-36567"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156683",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36567"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567"
        },
        {
          "category": "external",
          "summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d",
          "url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d"
        },
        {
          "category": "external",
          "summary": "https://github.com/gin-gonic/gin/pull/2237",
          "url": "https://github.com/gin-gonic/gin/pull/2237"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2020-0001",
          "url": "https://pkg.go.dev/vuln/GO-2020-0001"
        }
      ],
      "release_date": "2022-12-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin"
    },
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2022-24999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150323"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "express: \"qs\" prototype poisoning causes the hang of the node process",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150323",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
          "url": "https://github.com/expressjs/express/releases/tag/4.17.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/pull/428",
          "url": "https://github.com/ljharb/qs/pull/428"
        },
        {
          "category": "external",
          "summary": "https://github.com/n8tz/CVE-2022-24999",
          "url": "https://github.com/n8tz/CVE-2022-24999"
        }
      ],
      "release_date": "2022-11-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "express: \"qs\" prototype poisoning causes the hang of the node process"
    },
    {
      "cve": "CVE-2022-37601",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-10-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134876"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: prototype pollution in function parseQuery in parseQuery.js",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Packages shipped in Red Hat Enterprise Linux use \u0027loader-utils\u0027 as a transitive dependency. Thus, reducing the impact to Moderate.\n\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37601"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134876",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37601",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/loader-utils/issues/212",
          "url": "https://github.com/webpack/loader-utils/issues/212"
        }
      ],
      "release_date": "2022-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: prototype pollution in function parseQuery in parseQuery.js"
    },
    {
      "cve": "CVE-2022-37603",
      "cwe": {
        "id": "CWE-185",
        "name": "Incorrect Regular Expression"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
        }
      ],
      "release_date": "2022-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: Regular expression denial of service"
    },
    {
      "cve": "CVE-2022-41717",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-01-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2161274"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2161274",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/455635",
          "url": "https://go.dev/cl/455635"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/455717",
          "url": "https://go.dev/cl/455717"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/56350",
          "url": "https://go.dev/issue/56350"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2022-1144",
          "url": "https://pkg.go.dev/vuln/GO-2022-1144"
        }
      ],
      "release_date": "2022-11-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
    },
    {
      "cve": "CVE-2022-42920",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2142707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2142707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
          "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
        }
      ],
      "release_date": "2022-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
    },
    {
      "cve": "CVE-2022-46175",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json5: Prototype Pollution in JSON5 via Parse Method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
          "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
          "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
          "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
          "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
          "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
        }
      ],
      "release_date": "2022-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T00:50:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
            "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
            "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
            "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64",
            "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
            "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-35065 (GCVE-0-2021-35065)

Tags

Sightings

Nomenclature