Vulnerability-Lookup

CVE-2023-46809 (GCVE-0-2023-46809)

Vulnerability from cvelistv5 – Published: 2024-09-07 16:03 – Updated: 2025-11-04 18:18

Summary

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-385 - Covert Timing Channel

Assigner

hackerone

References

3 references

URL	Tags
https://nodejs.org/en/blog/vulnerability/february…
https://lists.debian.org/debian-lts-announce/2024…
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

2 products

Vendor	Product	Version
NodeJS	Node	Affected: 4.0 , < 4.* (semver) Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.* (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.* (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.19.1 (semver) Affected: 19.0 , < 19.* (semver) Affected: 20.0 , < 20.11.1 (semver) Affected: 21.0 , < 21.6.2 (semver)
nodejs	nodejs	Affected: 18.0 , ≤ 18.19.0 (semver) Affected: 20.0 , ≤ 20.11.0 (semver) Affected: 21.0 , ≤ 21.6.0 (semver) cpe:2.3:a:nodejs:nodejs::::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nodejs",
            "vendor": "nodejs",
            "versions": [
              {
                "lessThanOrEqual": "18.19.0",
                "status": "affected",
                "version": "18.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "20.11.0",
                "status": "affected",
                "version": "20.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "21.6.0",
                "status": "affected",
                "version": "21.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-46809",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T17:40:41.999808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-385",
                "description": "CWE-385 Covert Timing Channel",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T18:00:37.229Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:18:49.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node",
          "vendor": "NodeJS",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.19.1",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "19.*",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            },
            {
              "lessThan": "20.11.1",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.6.2",
              "status": "affected",
              "version": "21.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T22:25:08.962Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46809",
    "datePublished": "2024-09-07T16:03:32.996Z",
    "dateReserved": "2023-10-27T01:00:13.401Z",
    "dateUpdated": "2025-11-04T18:18:49.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-46809",
      "date": "2026-06-05",
      "epss": "0.01239",
      "percentile": "0.79602"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.\"}, {\"lang\": \"es\", \"value\": \"Las versiones de Node.js que incluyen una versi\\u00f3n sin parches de OpenSSL o se ejecutan contra una versi\\u00f3n vinculada din\\u00e1micamente de OpenSSL que no tiene parches son vulnerables al ataque Marvin - https://people.redhat.com/~hkario/marvin/, si se permite el relleno PCKS #1 v1.5 al realizar el descifrado RSA usando una clave privada.\"}]",
      "id": "CVE-2023-46809",
      "lastModified": "2024-09-09T18:35:01.803",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}]}",
      "published": "2024-09-07T16:15:02.343",
      "references": "[{\"url\": \"https://nodejs.org/en/blog/vulnerability/february-2024-security-releases\", \"source\": \"support@hackerone.com\"}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-385\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-46809\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2024-09-07T16:15:02.343\",\"lastModified\":\"2025-11-04T19:16:04.540\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.\"},{\"lang\":\"es\",\"value\":\"Las versiones de Node.js que incluyen una versi\u00f3n sin parches de OpenSSL o se ejecutan contra una versi\u00f3n vinculada din\u00e1micamente de OpenSSL que no tiene parches son vulnerables al ataque Marvin - https://people.redhat.com/~hkario/marvin/, si se permite el relleno PCKS #1 v1.5 al realizar el descifrado RSA usando una clave privada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-385\"}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/february-2024-security-releases\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T18:18:49.086Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-46809\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-09T17:40:41.999808Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*\"], \"vendor\": \"nodejs\", \"product\": \"nodejs\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"18.19.0\"}, {\"status\": \"affected\", \"version\": \"20.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"20.11.0\"}, {\"status\": \"affected\", \"version\": \"21.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"21.6.0\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-385\", \"description\": \"CWE-385 Covert Timing Channel\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-09T17:42:38.836Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"NodeJS\", \"product\": \"Node\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0\", \"lessThan\": \"5.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.0\", \"lessThan\": \"11.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"12.0\", \"lessThan\": \"12.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"14.0\", \"lessThan\": \"14.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"15.0\", \"lessThan\": \"15.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"16.0\", \"lessThan\": \"16.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.0\", \"lessThan\": \"18.19.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"19.0\", \"lessThan\": \"19.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"20.0\", \"lessThan\": \"20.11.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.0\", \"lessThan\": \"21.6.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nodejs.org/en/blog/vulnerability/february-2024-security-releases\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2025-04-30T22:25:08.962Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-46809\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T18:18:49.086Z\", \"dateReserved\": \"2023-10-27T01:00:13.401Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2024-09-07T16:03:32.996Z\", \"assignerShortName\": \"hackerone\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

NCSC-2024-0433

Vulnerability from csaf_ncscnl - Published: 2024-11-12 14:19 - Updated: 2024-11-12 14:19

Summary

Kwetsbaarheden verholpen in Siemens producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDCOM, SCALANCE, SIMATIC en SINEC.

Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Cross-Site-Scripting (XSS) - Manipulatie van gegevens - Omzeilen van een beveiligingsmaatregel - Omzeilen van authenticatie - (Remote) code execution (Administrator/Root rechten) - (Remote) code execution (Gebruikersrechten) - Toegang tot systeemgegevens - Verhoogde gebruikersrechten De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.

Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-606: Unchecked Input for Loop Condition

CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CWE-115: Misinterpretation of Input

CWE-1059: Insufficient Technical Documentation

CWE-1325: Improperly Controlled Sequential Memory Allocation

CWE-222: Truncation of Security-relevant Information

CWE-310: CWE-310

CWE-328: Use of Weak Hash

CWE-1284: Improper Validation of Specified Quantity in Input

CWE-213: Exposure of Sensitive Information Due to Incompatible Policies

CWE-1268: Policy Privileges are not Assigned Consistently Between Control and Data Agents

CWE-684: Incorrect Provision of Specified Functionality

CWE-772: Missing Release of Resource after Effective Lifetime

CWE-208: Observable Timing Discrepancy

CWE-201: Insertion of Sensitive Information Into Sent Data

CWE-834: Excessive Iteration

CWE-266: Incorrect Privilege Assignment

CWE-942: Permissive Cross-domain Policy with Untrusted Domains

CWE-271: Privilege Dropping / Lowering Errors

CWE-732: Incorrect Permission Assignment for Critical Resource

CWE-667: Improper Locking

CWE-440: Expected Behavior Violation

CWE-297: Improper Validation of Certificate with Host Mismatch

CWE-311: Missing Encryption of Sensitive Data

CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE-617: Reachable Assertion

CWE-427: Uncontrolled Search Path Element

CWE-319: Cleartext Transmission of Sensitive Information

CWE-613: Insufficient Session Expiration

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-203: Observable Discrepancy

CWE-354: Improper Validation of Integrity Check Value

CWE-325: Missing Cryptographic Step

CWE-190: Integer Overflow or Wraparound

CWE-321: Use of Hard-coded Cryptographic Key

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-275: CWE-275

CWE-284: Improper Access Control

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1333: Inefficient Regular Expression Complexity

CWE-416: Use After Free

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-401: Missing Release of Memory after Effective Lifetime

CWE-476: NULL Pointer Dereference

CWE-295: Improper Certificate Validation

CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE-436: Interpretation Conflict

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-502: Deserialization of Untrusted Data

CWE-918: Server-Side Request Forgery (SSRF)

CWE-863: Incorrect Authorization

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-122: Heap-based Buffer Overflow

CWE-121: Stack-based Buffer Overflow

CWE-789: Memory Allocation with Excessive Size Value

CWE-269: Improper Privilege Management

CWE-20: Improper Input Validation

CWE-287: Improper Authentication

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-3506

CWE-125 - Out-of-bounds Read

CVE-2023-2975

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-287 - Improper Authentication

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
simatic_mv500_family siemens	`cpe:2.3:a:siemens:simatic_mv500_family::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-3341

CWE-20 - Improper Input Validation

CVE-2023-3446

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 10 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_mv500_family siemens	`cpe:2.3:a:siemens:simatic_mv500_family::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—
telecontrol_server_basic_v3 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_v3::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—
st7_scadaconnect__6nh7997-5da10-0aa0_ siemens	`cpe:2.3:a:siemens:st7_scadaconnect__6nh7997-5da10-0aa0_::::::::`	—

CVE-2023-3817

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 8 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7 siemens	`cpe:2.3:h:siemens:simatic_s7:1500:::::::*`	—
simatic_mv500_family siemens	`cpe:2.3:a:siemens:simatic_mv500_family::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-4236

CWE-617 - Reachable Assertion

CVE-2023-4408

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-4807

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 13 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
telecontrol_server_basic_v3 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_v3::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-5363

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-325 - Missing Cryptographic Step

Affected products

Known affected 7 products

Product	Identifier	Version
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-5517

CWE-617 - Reachable Assertion

CVE-2023-5678

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Known affected 17 products

CVE-2023-5679

CWE-617 - Reachable Assertion

CVE-2023-5680

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-6129

CWE-328 - Use of Weak Hash

CVE-2023-6237

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-6516

CWE-770 - Allocation of Resources Without Limits or Throttling

CVE-2023-7104

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2023-28450

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 11 products

Product	Identifier	Version
scalance_xch328__6gk5328-4ts01-2ec2_ siemens	`cpe:2.3:a:siemens:scalance_xch328__6gk5328-4ts01-2ec2_::::::::`	—
scalance_xcm324__6gk5324-8ts01-2ac2_ siemens	`cpe:2.3:a:siemens:scalance_xcm324__6gk5324-8ts01-2ac2_::::::::`	—
scalance_xcm328__6gk5328-4ts01-2ac2_ siemens	`cpe:2.3:a:siemens:scalance_xcm328__6gk5328-4ts01-2ac2_::::::::`	—
scalance_xcm332__6gk5332-0ga01-2ac2_ siemens	`cpe:2.3:a:siemens:scalance_xcm332__6gk5332-0ga01-2ac2_::::::::`	—
scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_ siemens	`cpe:2.3:a:siemens:scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_::::::::`	—
scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_::::::::`	—
scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_::::::::`	—
scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_::::::::`	—
scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_::::::::`	—
scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_::::::::`	—
scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_ siemens	`cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_::::::::`	—

CVE-2023-30584

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32002

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32003

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32004

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32005

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32006

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32558

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32559

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2023-32736

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 30 products

Product	Identifier	Version
simatic_s7-plcsim_v16 siemens	`cpe:2.3:a:siemens:simatic_s7-plcsim_v16::::::::`	—
simatic_s7-plcsim_v17 siemens	`cpe:2.3:a:siemens:simatic_s7-plcsim_v17::::::::`	—
simatic_step_7_safety_v16 siemens	`cpe:2.3:a:siemens:simatic_step_7_safety_v16::::::::`	—
simatic_step_7_safety_v17 siemens	`cpe:2.3:a:siemens:simatic_step_7_safety_v17::::::::`	—
simatic_step_7_safety_v18 siemens	`cpe:2.3:a:siemens:simatic_step_7_safety_v18::::::::`	—
simatic_step_7_v16 siemens	`cpe:2.3:a:siemens:simatic_step_7_v16::::::::`	—
simatic_step_7_v17 siemens	`cpe:2.3:a:siemens:simatic_step_7_v17::::::::`	—
simatic_step_7_v18 siemens	`cpe:2.3:a:siemens:simatic_step_7_v18::::::::`	—
simatic_wincc_unified_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_v16::::::::`	—
simatic_wincc_unified_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_v17::::::::`	—
simatic_wincc_unified_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_v18::::::::`	—
simatic_wincc_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_v16::::::::`	—
simatic_wincc_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_v17::::::::`	—
simatic_wincc_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_v18::::::::`	—
simocode_es_v16 siemens	`cpe:2.3:a:siemens:simocode_es_v16::::::::`	—
simocode_es_v17 siemens	`cpe:2.3:a:siemens:simocode_es_v17::::::::`	—
simocode_es_v18 siemens	`cpe:2.3:a:siemens:simocode_es_v18::::::::`	—
simotion_scout_tia_v5.4_sp1 siemens	`cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp1::::::::`	—
simotion_scout_tia_v5.4_sp3 siemens	`cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp3::::::::`	—
simotion_scout_tia_v5.5_sp1 siemens	`cpe:2.3:a:siemens:simotion_scout_tia_v5.5_sp1::::::::`	—
sinamics_startdrive_v16 siemens	`cpe:2.3:a:siemens:sinamics_startdrive_v16::::::::`	—
sinamics_startdrive_v17 siemens	`cpe:2.3:a:siemens:sinamics_startdrive_v17::::::::`	—
sinamics_startdrive_v18 siemens	`cpe:2.3:a:siemens:sinamics_startdrive_v18::::::::`	—
sirius_safety_es_v17 siemens	`cpe:2.3:a:siemens:sirius_safety_es_v17::::::::`	—
sirius_safety_es_v18 siemens	`cpe:2.3:a:siemens:sirius_safety_es_v18::::::::`	—
sirius_soft_starter_es_v17 siemens	`cpe:2.3:a:siemens:sirius_soft_starter_es_v17::::::::`	—
sirius_soft_starter_es_v18 siemens	`cpe:2.3:a:siemens:sirius_soft_starter_es_v18::::::::`	—
tia_portal_cloud_v16 siemens	`cpe:2.3:a:siemens:tia_portal_cloud_v16::::::::`	—
tia_portal_cloud_v17 siemens	`cpe:2.3:a:siemens:tia_portal_cloud_v17::::::::`	—
tia_portal_cloud_v18 siemens	`cpe:2.3:a:siemens:tia_portal_cloud_v18::::::::`	—

CVE-2023-38552

CWE-354 - Improper Validation of Integrity Check Value

CVE-2023-38709

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVE-2023-39331

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-39332

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-39333

CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 8 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—
ruggedcom_ape1808 siemens	`cpe:2.3:a:siemens:ruggedcom_ape1808::::::::`	—
st7_scadaconnect__6nh7997-5da10-0aa0_ siemens	`cpe:2.3:a:siemens:st7_scadaconnect__6nh7997-5da10-0aa0_::::::::`	—

CVE-2023-45143

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-46218

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Known affected 12 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-46219

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 12 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da00_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-0da30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea10_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea20_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_::::::::`	—
simatic_rtls_locating_manager__6gt2780-1ea30_ siemens	`cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_::::::::`	—

CVE-2023-46280

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 77 products

Product	Identifier	Version
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms:0:::::::*`	—
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—
sinumerik_plc_programming_tool siemens	`cpe:2.3:a:siemens:sinumerik_plc_programming_tool::::::::`	—
simatic_batch_v9.1 siemens	`cpe:2.3:a:siemens:simatic_batch_v9.1::::::::`	—
sinamics_startdrive siemens	`cpe:2.3:a:siemens:sinamics_startdrive::::::::`	—
simatic_wincc siemens	`cpe:2.3:a:siemens:simatic_wincc::::::::`	—
sinumerik_one_virtual siemens	`cpe:2.3:a:siemens:sinumerik_one_virtual::::::::`	—
simatic_wincc_runtime_professional siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional::::::::`	—
tia_portal_cloud_connector siemens	`cpe:2.3:a:siemens:tia_portal_cloud_connector::::::::`	—
simatic_wincc_runtime_advanced siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::`	—
simatic_automation_tool siemens	`cpe:2.3:a:siemens:simatic_automation_tool:0:::::::*`	—
simatic_net_pc_software_v19 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v19:0:::::::*`	—
simatic_wincc_unified_pc_runtime_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:0:::::::*`	—
s7-pct siemens	`cpe:2.3:a:siemens:s7-pct::::::::`	—
security_configuration_tool__sct_ siemens	`cpe:2.3:a:siemens:security_configuration_tool__sct_::::::::`	—
simatic_net_pc_software_v16 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v16::::::::`	—
simatic_net_pc_software_v17 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v17::::::::`	—
simatic_net_pc_software_v18 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v18::::::::`	—
simatic_net_pc_software_v19 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v19::::::::`	—
simatic_pcs_7_v9.1 siemens	`cpe:2.3:a:siemens:simatic_pcs_7_v9.1::::::::`	—
simatic_pdm_v9.2 siemens	`cpe:2.3:a:siemens:simatic_pdm_v9.2::::::::`	—
simatic_route_control_v9.1 siemens	`cpe:2.3:a:siemens:simatic_route_control_v9.1::::::::`	—
simatic_step_7_v5 siemens	`cpe:2.3:a:siemens:simatic_step_7_v5::::::::`	—
simatic_wincc_oa_v3.17 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.17::::::::`	—
simatic_wincc_oa_v3.18 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.18::::::::`	—
simatic_wincc_oa_v3.19 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.19::::::::`	—
simatic_wincc_runtime_professional_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16::::::::`	—
simatic_wincc_runtime_professional_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17::::::::`	—
simatic_wincc_runtime_professional_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18::::::::`	—
simatic_wincc_runtime_professional_v19 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19::::::::`	—
simatic_wincc_unified_pc_runtime_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18::::::::`	—
simatic_wincc_v7.4 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.4::::::::`	—
simatic_wincc_v7.5 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.5::::::::`	—
simatic_wincc_v8.0 siemens	`cpe:2.3:a:siemens:simatic_wincc_v8.0::::::::`	—
totally_integrated_automation_portal__tia_portal__v15.1 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1::::::::`	—
totally_integrated_automation_portal__tia_portal__v16 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16::::::::`	—
totally_integrated_automation_portal__tia_portal__v17 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17::::::::`	—
totally_integrated_automation_portal__tia_portal__v18 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18::::::::`	—
totally_integrated_automation_portal__tia_portal__v19 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19::::::::`	—
s7-pct siemens	`cpe:2.3:a:siemens:s7-pct:0:::::::*`	—
security_configuration_tool__sct_ siemens	`cpe:2.3:a:siemens:security_configuration_tool__sct_:0:::::::*`	—
simatic_automation_tool siemens	`cpe:2.3:a:siemens:simatic_automation_tool:all_versions:::::::*`	—
simatic_batch_v9.1 siemens	`cpe:2.3:a:siemens:simatic_batch_v9.1:0:::::::*`	—
simatic_net_pc_software siemens	`cpe:2.3:a:siemens:simatic_net_pc_software:0:::::::*`	—
simatic_pcs_7_v9.1 siemens	`cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:::::::*`	—
simatic_pdm_v9.2 siemens	`cpe:2.3:a:siemens:simatic_pdm_v9.2:0:::::::*`	—
simatic_route_control_v9.1 siemens	`cpe:2.3:a:siemens:simatic_route_control_v9.1:0:::::::*`	—
simatic_step_7_v5 siemens	`cpe:2.3:a:siemens:simatic_step_7_v5:0:::::::*`	—
simatic_wincc_oa_v3.17 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.17:0:::::::*`	—
simatic_wincc_oa_v3.18 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.18:0:::::::*`	—
simatic_wincc_oa_v3.19 siemens	`cpe:2.3:a:siemens:simatic_wincc_oa_v3.19:0:::::::*`	—
simatic_wincc_runtime_advanced siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:0:::::::*`	—
simatic_wincc_runtime_professional_v16 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16:0:::::::*`	—
simatic_wincc_runtime_professional_v17 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:0:::::::*`	—
simatic_wincc_runtime_professional_v18 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:::::::*`	—
simatic_wincc_runtime_professional_v19 siemens	`cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:::::::*`	—
simatic_wincc_unified_pc_runtime siemens	`cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:0:::::::*`	—
simatic_wincc_v7.4 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.4:0:::::::*`	—
simatic_wincc_v7.5 siemens	`cpe:2.3:a:siemens:simatic_wincc_v7.5:0:::::::*`	—
simatic_wincc_v8.0 siemens	`cpe:2.3:a:siemens:simatic_wincc_v8.0:0:::::::*`	—
sinamics_startdrive siemens	`cpe:2.3:a:siemens:sinamics_startdrive:0:::::::*`	—
sinumerik_one_virtual siemens	`cpe:2.3:a:siemens:sinumerik_one_virtual:0:::::::*`	—
sinumerik_plc_programming_tool siemens	`cpe:2.3:a:siemens:sinumerik_plc_programming_tool:0:::::::*`	—
tia_portal_cloud_connector siemens	`cpe:2.3:a:siemens:tia_portal_cloud_connector:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v15.1 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v16 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v17 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v18 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:::::::*`	—
totally_integrated_automation_portal__tia_portal__v19 siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:::::::*`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:16:::::::*`	—
simatic_automation_tool siemens	`cpe:2.3:a:siemens:simatic_automation_tool::::::::`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:19:::::::*`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:18:::::::*`	—
totally_integrated_automation_portal siemens	`cpe:2.3:a:siemens:totally_integrated_automation_portal:17:::::::*`	—
simatic_net_pc_software_v16 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v16:0:::::::*`	—
simatic_net_pc_software_v17 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v17:0:::::::*`	—
simatic_net_pc_software_v18 siemens	`cpe:2.3:a:siemens:simatic_net_pc_software_v18:0:::::::*`	—

CVE-2023-46809

CWE-208 - Observable Timing Discrepancy

CVE-2023-47038

CWE-122 - Heap-based Buffer Overflow

CVE-2023-47039

CWE-122 - Heap-based Buffer Overflow

CVE-2023-47100

CVE-2023-48795

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-222 - Truncation of Security-relevant Information

Affected products

Known affected 7 products

Product	Identifier	Version
ruggedcom_ape1808 siemens	`cpe:2.3:a:siemens:ruggedcom_ape1808::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2023-49441

CWE-190 - Integer Overflow or Wraparound

CVE-2023-50387

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-50868

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-52389

CWE-121 - Stack-based Buffer Overflow

CVE-2024-0232

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-0727

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
simatic_s7 siemens	`cpe:2.3:h:siemens:simatic_s7:1500:::::::*`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-2004

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-319 - Cleartext Transmission of Sensitive Information

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2379

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-295 - Improper Certificate Validation

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2398

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2466

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
sinema_remote_connect_client siemens	`cpe:2.3:a:siemens:sinema_remote_connect_client::::::::`	—

CVE-2024-2511

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-4603

CWE-606 - Unchecked Input for Loop Condition

CVE-2024-4741

CWE-416 - Use After Free

CVE-2024-5535

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 6 products

Product	Identifier	Version
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_::::::::`	—
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_ siemens	`cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_::::::::`	—
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_ siemens	`cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_::::::::`	—
simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem siemens	`cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem::::::::`	—

CVE-2024-5594

CVE-2024-21890

CWE-275 - -

CVE-2024-21891

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-21892

CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVE-2024-21896

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-22017

CWE-271 - Privilege Dropping / Lowering Errors

CVE-2024-22019

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-22025

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-24758

CWE-942 - Permissive Cross-domain Policy with Untrusted Domains

CVE-2024-24795

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVE-2024-24806

CWE-918 - Server-Side Request Forgery (SSRF)

CVE-2024-26306

CWE-310 - -

CVE-2024-26925

CWE-284 - Improper Access Control

CVE-2024-27316

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-27980

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-27982

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2024-27983

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-28882

CWE-772 - Missing Release of Resource after Effective Lifetime

CVE-2024-29119

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-266 - Incorrect Privilege Assignment

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
spectrum_power_7 siemens	`cpe:2.3:a:siemens:spectrum_power_7::::::::`	—

CVE-2024-36140

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
ozw672 siemens	`cpe:2.3:a:siemens:ozw672::::::::`	—
ozw772 siemens	`cpe:2.3:a:siemens:ozw772::::::::`	—

CVE-2024-44102

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 13 products

Product	Identifier	Version
pp_telecontrol_server_basic_1000_to_5000_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_1000_to_5000_v3.1::::::::`	—
pp_telecontrol_server_basic_256_to_1000_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_256_to_1000_v3.1::::::::`	—
pp_telecontrol_server_basic_32_to_64_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_32_to_64_v3.1::::::::`	—
pp_telecontrol_server_basic_64_to_256_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_64_to_256_v3.1::::::::`	—
pp_telecontrol_server_basic_8_to_32_v3.1 siemens	`cpe:2.3:a:siemens:pp_telecontrol_server_basic_8_to_32_v3.1::::::::`	—
telecontrol_server_basic_1000_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_1000_v3.1::::::::`	—
telecontrol_server_basic_256_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_256_v3.1::::::::`	—
telecontrol_server_basic_32_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_32_v3.1::::::::`	—
telecontrol_server_basic_5000_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_5000_v3.1::::::::`	—
telecontrol_server_basic_64_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_64_v3.1::::::::`	—
telecontrol_server_basic_8_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_8_v3.1::::::::`	—
telecontrol_server_basic_serv_upgr siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_serv_upgr::::::::`	—
telecontrol_server_basic_upgr_v3.1 siemens	`cpe:2.3:a:siemens:telecontrol_server_basic_upgr_v3.1::::::::`	—

CVE-2024-46888

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46889

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-321 - Use of Hard-coded Cryptographic Key

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46890

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46891

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46892

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-613 - Insufficient Session Expiration

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-46894

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_ins siemens	`cpe:2.3:a:siemens:sinec_ins::::::::`	—

CVE-2024-47783

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
siport siemens	`cpe:2.3:a:siemens:siport::::::::`	—

CVE-2024-47808

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
sinec_nms siemens	`cpe:2.3:a:siemens:sinec_nms::::::::`	—

CVE-2024-47940

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
solid_edge_se2024 siemens	`cpe:2.3:a:siemens:solid_edge_se2024::::::::`	—

CVE-2024-47941

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
solid_edge_se2024 siemens	`cpe:2.3:a:siemens:solid_edge_se2024::::::::`	—

CVE-2024-47942

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-427 - Uncontrolled Search Path Element

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
solid_edge_se2024 siemens	`cpe:2.3:a:siemens:solid_edge_se2024::::::::`	—

CVE-2024-50310

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-863 - Incorrect Authorization

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
simatic_cp_1543-1_v4.0 siemens	`cpe:2.3:a:siemens:simatic_cp_1543-1_v4.0::::::::`	—

CVE-2024-50313

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 5 products

Product	Identifier	Version
mendix_runtime_v10 siemens	`cpe:2.3:a:siemens:mendix_runtime_v10::::::::`	—
mendix_runtime_v10.12 siemens	`cpe:2.3:a:siemens:mendix_runtime_v10.12::::::::`	—
mendix_runtime_v10.6 siemens	`cpe:2.3:a:siemens:mendix_runtime_v10.6::::::::`	—
mendix_runtime_v8 siemens	`cpe:2.3:a:siemens:mendix_runtime_v8::::::::`	—
mendix_runtime_v9 siemens	`cpe:2.3:a:siemens:mendix_runtime_v9::::::::`	—

CVE-2024-50557

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50558

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-284 - Improper Access Control

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50559

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50560

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50561

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

CVE-2024-50572

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Affected products

Known affected 24 products

Product	Identifier	Version
ruggedcom_rm1224_lte_4g__eu siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu::::::::`	—
ruggedcom_rm1224_lte_4g__nam siemens	`cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam::::::::`	—
scalance_m804pb siemens	`cpe:2.3:a:siemens:scalance_m804pb::::::::`	—
scalance_m812-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m812-1_adsl-router::::::::`	—
scalance_m816-1_adsl-router siemens	`cpe:2.3:a:siemens:scalance_m816-1_adsl-router::::::::`	—
scalance_m826-2_shdsl-router siemens	`cpe:2.3:a:siemens:scalance_m826-2_shdsl-router::::::::`	—
scalance_m874-2 siemens	`cpe:2.3:a:siemens:scalance_m874-2::::::::`	—
scalance_m874-3 siemens	`cpe:2.3:a:siemens:scalance_m874-3::::::::`	—
scalance_m874-3_3g-router__cn_ siemens	`cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_::::::::`	—
scalance_m876-3 siemens	`cpe:2.3:a:siemens:scalance_m876-3::::::::`	—
scalance_m876-3__rok_ siemens	`cpe:2.3:a:siemens:scalance_m876-3__rok_::::::::`	—
scalance_m876-4 siemens	`cpe:2.3:a:siemens:scalance_m876-4::::::::`	—
scalance_m876-4__eu_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__eu_::::::::`	—
scalance_m876-4__nam_ siemens	`cpe:2.3:a:siemens:scalance_m876-4__nam_::::::::`	—
scalance_mum853-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__a1_::::::::`	—
scalance_mum853-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__b1_::::::::`	—
scalance_mum853-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum853-1__eu_::::::::`	—
scalance_mum856-1__a1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__a1_::::::::`	—
scalance_mum856-1__b1_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__b1_::::::::`	—
scalance_mum856-1__cn_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__cn_::::::::`	—
scalance_mum856-1__eu_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__eu_::::::::`	—
scalance_mum856-1__row_ siemens	`cpe:2.3:a:siemens:scalance_mum856-1__row_::::::::`	—
scalance_s615_eec_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_eec_lan-router::::::::`	—
scalance_s615_lan-router siemens	`cpe:2.3:a:siemens:scalance_s615_lan-router::::::::`	—

References

108 references

URL	Category
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://cert-portal.siemens.com/productcert/pdf/s…	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDCOM, SCALANCE, SIMATIC en SINEC.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Cross-Site-Scripting (XSS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Unchecked Input for Loop Condition",
        "title": "CWE-606"
      },
      {
        "category": "general",
        "text": "Use of a Cryptographic Primitive with a Risky Implementation",
        "title": "CWE-1240"
      },
      {
        "category": "general",
        "text": "Misinterpretation of Input",
        "title": "CWE-115"
      },
      {
        "category": "general",
        "text": "Insufficient Technical Documentation",
        "title": "CWE-1059"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Sequential Memory Allocation",
        "title": "CWE-1325"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "CWE-310",
        "title": "CWE-310"
      },
      {
        "category": "general",
        "text": "Use of Weak Hash",
        "title": "CWE-328"
      },
      {
        "category": "general",
        "text": "Improper Validation of Specified Quantity in Input",
        "title": "CWE-1284"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information Due to Incompatible Policies",
        "title": "CWE-213"
      },
      {
        "category": "general",
        "text": "Policy Privileges are not Assigned Consistently Between Control and Data Agents",
        "title": "CWE-1268"
      },
      {
        "category": "general",
        "text": "Incorrect Provision of Specified Functionality",
        "title": "CWE-684"
      },
      {
        "category": "general",
        "text": "Missing Release of Resource after Effective Lifetime",
        "title": "CWE-772"
      },
      {
        "category": "general",
        "text": "Observable Timing Discrepancy",
        "title": "CWE-208"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      },
      {
        "category": "general",
        "text": "Incorrect Privilege Assignment",
        "title": "CWE-266"
      },
      {
        "category": "general",
        "text": "Permissive Cross-domain Policy with Untrusted Domains",
        "title": "CWE-942"
      },
      {
        "category": "general",
        "text": "Privilege Dropping / Lowering Errors",
        "title": "CWE-271"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Improper Locking",
        "title": "CWE-667"
      },
      {
        "category": "general",
        "text": "Expected Behavior Violation",
        "title": "CWE-440"
      },
      {
        "category": "general",
        "text": "Improper Validation of Certificate with Host Mismatch",
        "title": "CWE-297"
      },
      {
        "category": "general",
        "text": "Missing Encryption of Sensitive Data",
        "title": "CWE-311"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Reachable Assertion",
        "title": "CWE-617"
      },
      {
        "category": "general",
        "text": "Uncontrolled Search Path Element",
        "title": "CWE-427"
      },
      {
        "category": "general",
        "text": "Cleartext Transmission of Sensitive Information",
        "title": "CWE-319"
      },
      {
        "category": "general",
        "text": "Insufficient Session Expiration",
        "title": "CWE-613"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Missing Cryptographic Step",
        "title": "CWE-325"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Cryptographic Key",
        "title": "CWE-321"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "CWE-275",
        "title": "CWE-275"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
        "title": "CWE-113"
      },
      {
        "category": "general",
        "text": "Missing Release of Memory after Effective Lifetime",
        "title": "CWE-401"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
        "title": "CWE-757"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Use of a Broken or Risky Cryptographic Algorithm",
        "title": "CWE-327"
      },
      {
        "category": "general",
        "text": "Interpretation Conflict",
        "title": "CWE-436"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
        "title": "CWE-74"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Improper Privilege Management",
        "title": "CWE-269"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-000297.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-064257.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-230445.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-331112.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-351178.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-354112.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-454789.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616032.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654798.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-871035.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914892.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-915275.pdf"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Siemens producten",
    "tracking": {
      "current_release_date": "2024-11-12T14:19:20.051128Z",
      "id": "NCSC-2024-0433",
      "initial_release_date": "2024-11-12T14:19:20.051128Z",
      "revision_history": [
        {
          "date": "2024-11-12T14:19:20.051128Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.12",
            "product": {
              "name": "mendix_runtime_v10.12",
              "product_id": "CSAFPID-1637623",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.6",
            "product": {
              "name": "mendix_runtime_v10.6",
              "product_id": "CSAFPID-1637624",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10",
            "product": {
              "name": "mendix_runtime_v10",
              "product_id": "CSAFPID-1637622",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v8",
            "product": {
              "name": "mendix_runtime_v8",
              "product_id": "CSAFPID-1637625",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v9",
            "product": {
              "name": "mendix_runtime_v9",
              "product_id": "CSAFPID-1637626",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ozw672",
            "product": {
              "name": "ozw672",
              "product_id": "CSAFPID-1712832",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ozw672:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ozw772",
            "product": {
              "name": "ozw772",
              "product_id": "CSAFPID-1712833",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ozw772:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_1000_to_5000_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_1000_to_5000_v3.1",
              "product_id": "CSAFPID-1712834",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_1000_to_5000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_256_to_1000_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_256_to_1000_v3.1",
              "product_id": "CSAFPID-1712835",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_256_to_1000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_32_to_64_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_32_to_64_v3.1",
              "product_id": "CSAFPID-1712836",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_32_to_64_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_64_to_256_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_64_to_256_v3.1",
              "product_id": "CSAFPID-1712837",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_64_to_256_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "pp_telecontrol_server_basic_8_to_32_v3.1",
            "product": {
              "name": "pp_telecontrol_server_basic_8_to_32_v3.1",
              "product_id": "CSAFPID-1712838",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:pp_telecontrol_server_basic_8_to_32_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_ape1808",
            "product": {
              "name": "ruggedcom_ape1808",
              "product_id": "CSAFPID-1615259",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ruggedcom_ape1808:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_rm1224_lte_4g__eu",
            "product": {
              "name": "ruggedcom_rm1224_lte_4g__eu",
              "product_id": "CSAFPID-1702670",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__eu:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_rm1224_lte_4g__nam",
            "product": {
              "name": "ruggedcom_rm1224_lte_4g__nam",
              "product_id": "CSAFPID-1702671",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ruggedcom_rm1224_lte_4g__nam:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "s7-pct",
            "product": {
              "name": "s7-pct",
              "product_id": "CSAFPID-1637909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:s7-pct:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "s7-pct",
            "product": {
              "name": "s7-pct",
              "product_id": "CSAFPID-1470060",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:s7-pct:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "s7_port_configuration_tool",
            "product": {
              "name": "s7_port_configuration_tool",
              "product_id": "CSAFPID-1472074",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:s7_port_configuration_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m804pb",
            "product": {
              "name": "scalance_m804pb",
              "product_id": "CSAFPID-1702672",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m804pb:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m812-1_adsl-router",
            "product": {
              "name": "scalance_m812-1_adsl-router",
              "product_id": "CSAFPID-1712749",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m812-1_adsl-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m816-1_adsl-router",
            "product": {
              "name": "scalance_m816-1_adsl-router",
              "product_id": "CSAFPID-1712750",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m816-1_adsl-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m826-2_shdsl-router",
            "product": {
              "name": "scalance_m826-2_shdsl-router",
              "product_id": "CSAFPID-1702677",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m826-2_shdsl-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m874-2",
            "product": {
              "name": "scalance_m874-2",
              "product_id": "CSAFPID-1702678",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m874-2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m874-3",
            "product": {
              "name": "scalance_m874-3",
              "product_id": "CSAFPID-1702679",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m874-3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m874-3_3g-router__cn_",
            "product": {
              "name": "scalance_m874-3_3g-router__cn_",
              "product_id": "CSAFPID-1712751",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m874-3_3g-router__cn_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-3",
            "product": {
              "name": "scalance_m876-3",
              "product_id": "CSAFPID-1712752",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-3__rok_",
            "product": {
              "name": "scalance_m876-3__rok_",
              "product_id": "CSAFPID-1702681",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-3__rok_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-4",
            "product": {
              "name": "scalance_m876-4",
              "product_id": "CSAFPID-1712753",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-4__eu_",
            "product": {
              "name": "scalance_m876-4__eu_",
              "product_id": "CSAFPID-1702682",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-4__eu_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_m876-4__nam_",
            "product": {
              "name": "scalance_m876-4__nam_",
              "product_id": "CSAFPID-1702683",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_m876-4__nam_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum853-1__a1_",
            "product": {
              "name": "scalance_mum853-1__a1_",
              "product_id": "CSAFPID-1712754",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum853-1__a1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum853-1__b1_",
            "product": {
              "name": "scalance_mum853-1__b1_",
              "product_id": "CSAFPID-1712755",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum853-1__b1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum853-1__eu_",
            "product": {
              "name": "scalance_mum853-1__eu_",
              "product_id": "CSAFPID-1712756",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum853-1__eu_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__a1_",
            "product": {
              "name": "scalance_mum856-1__a1_",
              "product_id": "CSAFPID-1712757",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__a1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__b1_",
            "product": {
              "name": "scalance_mum856-1__b1_",
              "product_id": "CSAFPID-1712758",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__b1_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__cn_",
            "product": {
              "name": "scalance_mum856-1__cn_",
              "product_id": "CSAFPID-1712759",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__cn_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__eu_",
            "product": {
              "name": "scalance_mum856-1__eu_",
              "product_id": "CSAFPID-1702684",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__eu_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_mum856-1__row_",
            "product": {
              "name": "scalance_mum856-1__row_",
              "product_id": "CSAFPID-1702685",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_mum856-1__row_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_s615_eec_lan-router",
            "product": {
              "name": "scalance_s615_eec_lan-router",
              "product_id": "CSAFPID-1712760",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_s615_eec_lan-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_s615_lan-router",
            "product": {
              "name": "scalance_s615_lan-router",
              "product_id": "CSAFPID-1712761",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_s615_lan-router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xch328__6gk5328-4ts01-2ec2_",
            "product": {
              "name": "scalance_xch328__6gk5328-4ts01-2ec2_",
              "product_id": "CSAFPID-1613504",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xch328__6gk5328-4ts01-2ec2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xcm324__6gk5324-8ts01-2ac2_",
            "product": {
              "name": "scalance_xcm324__6gk5324-8ts01-2ac2_",
              "product_id": "CSAFPID-1613505",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xcm324__6gk5324-8ts01-2ac2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xcm328__6gk5328-4ts01-2ac2_",
            "product": {
              "name": "scalance_xcm328__6gk5328-4ts01-2ac2_",
              "product_id": "CSAFPID-1613506",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xcm328__6gk5328-4ts01-2ac2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xcm332__6gk5332-0ga01-2ac2_",
            "product": {
              "name": "scalance_xcm332__6gk5332-0ga01-2ac2_",
              "product_id": "CSAFPID-1613507",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xcm332__6gk5332-0ga01-2ac2_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_",
            "product": {
              "name": "scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_",
              "product_id": "CSAFPID-1613592",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_",
            "product": {
              "name": "scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_",
              "product_id": "CSAFPID-1613593",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_",
            "product": {
              "name": "scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_",
              "product_id": "CSAFPID-1613594",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_",
            "product": {
              "name": "scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_",
              "product_id": "CSAFPID-1613595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_",
            "product": {
              "name": "scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_",
              "product_id": "CSAFPID-1613596",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_",
            "product": {
              "name": "scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_",
              "product_id": "CSAFPID-1613597",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_",
            "product": {
              "name": "scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_",
              "product_id": "CSAFPID-1613598",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool",
            "product": {
              "name": "security_configuration_tool",
              "product_id": "CSAFPID-1625339",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:security_configuration_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool__sct_",
            "product": {
              "name": "security_configuration_tool__sct_",
              "product_id": "CSAFPID-1637910",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:security_configuration_tool__sct_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool__sct_",
            "product": {
              "name": "security_configuration_tool__sct_",
              "product_id": "CSAFPID-1470061",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:security_configuration_tool__sct_:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_automation_tool",
            "product": {
              "name": "simatic_automation_tool",
              "product_id": "CSAFPID-1472069",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_automation_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_automation_tool",
            "product": {
              "name": "simatic_automation_tool",
              "product_id": "CSAFPID-1637559",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_automation_tool:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_automation_tool",
            "product": {
              "name": "simatic_automation_tool",
              "product_id": "CSAFPID-1470062",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_automation_tool:all_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_batch_v9.1",
            "product": {
              "name": "simatic_batch_v9.1",
              "product_id": "CSAFPID-1625340",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_batch_v9.1",
            "product": {
              "name": "simatic_batch_v9.1",
              "product_id": "CSAFPID-1470063",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1543-1_v4.0",
            "product": {
              "name": "simatic_cp_1543-1_v4.0",
              "product_id": "CSAFPID-1712748",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1543-1_v4.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_mv500_family",
            "product": {
              "name": "simatic_mv500_family",
              "product_id": "CSAFPID-1703073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_mv500_family:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc-software",
            "product": {
              "name": "simatic_net_pc-software",
              "product_id": "CSAFPID-1625344",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc-software:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software",
            "product": {
              "name": "simatic_net_pc_software",
              "product_id": "CSAFPID-1470064",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v16",
            "product": {
              "name": "simatic_net_pc_software_v16",
              "product_id": "CSAFPID-1637849",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v16",
            "product": {
              "name": "simatic_net_pc_software_v16",
              "product_id": "CSAFPID-1457906",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v16:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v17",
            "product": {
              "name": "simatic_net_pc_software_v17",
              "product_id": "CSAFPID-1637850",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v17",
            "product": {
              "name": "simatic_net_pc_software_v17",
              "product_id": "CSAFPID-1457907",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v18",
            "product": {
              "name": "simatic_net_pc_software_v18",
              "product_id": "CSAFPID-1637851",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v18",
            "product": {
              "name": "simatic_net_pc_software_v18",
              "product_id": "CSAFPID-1457908",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v19",
            "product": {
              "name": "simatic_net_pc_software_v19",
              "product_id": "CSAFPID-1637911",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software_v19",
            "product": {
              "name": "simatic_net_pc_software_v19",
              "product_id": "CSAFPID-1637560",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_net_pc_software_v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs",
            "product": {
              "name": "simatic_pcs",
              "product_id": "CSAFPID-838530",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7_v9.1",
            "product": {
              "name": "simatic_pcs_7_v9.1",
              "product_id": "CSAFPID-1501190",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7_v9.1",
            "product": {
              "name": "simatic_pcs_7_v9.1",
              "product_id": "CSAFPID-1457909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pdm_v9.2",
            "product": {
              "name": "simatic_pdm_v9.2",
              "product_id": "CSAFPID-1637912",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pdm_v9.2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pdm_v9.2",
            "product": {
              "name": "simatic_pdm_v9.2",
              "product_id": "CSAFPID-1470065",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pdm_v9.2:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_route_control_",
            "product": {
              "name": "simatic_route_control_",
              "product_id": "CSAFPID-1625337",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_route_control_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_route_control_v9.1",
            "product": {
              "name": "simatic_route_control_v9.1",
              "product_id": "CSAFPID-1637856",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_route_control_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_route_control_v9.1",
            "product": {
              "name": "simatic_route_control_v9.1",
              "product_id": "CSAFPID-1470066",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_route_control_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager",
            "product": {
              "name": "simatic_rtls_locating_manager",
              "product_id": "CSAFPID-1691398",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager:3.0.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da00_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da00_",
              "product_id": "CSAFPID-1703180",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da00_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da10_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da10_",
              "product_id": "CSAFPID-1703181",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da10_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da20_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da20_",
              "product_id": "CSAFPID-1703182",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da20_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-0da30_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-0da30_",
              "product_id": "CSAFPID-1703183",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-0da30_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-1ea10_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-1ea10_",
              "product_id": "CSAFPID-1703184",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea10_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-1ea20_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-1ea20_",
              "product_id": "CSAFPID-1703185",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea20_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rtls_locating_manager__6gt2780-1ea30_",
            "product": {
              "name": "simatic_rtls_locating_manager__6gt2780-1ea30_",
              "product_id": "CSAFPID-1703186",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rtls_locating_manager__6gt2780-1ea30_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
              "product_id": "CSAFPID-1615260",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
              "product_id": "CSAFPID-1615261",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
              "product_id": "CSAFPID-1615262",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
              "product_id": "CSAFPID-1615263",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem",
            "product": {
              "name": "simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem",
              "product_id": "CSAFPID-1703131",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-plcsim_v16",
            "product": {
              "name": "simatic_s7-plcsim_v16",
              "product_id": "CSAFPID-1712825",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-plcsim_v17",
            "product": {
              "name": "simatic_s7-plcsim_v17",
              "product_id": "CSAFPID-1712826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_safety_v16",
            "product": {
              "name": "simatic_step_7_safety_v16",
              "product_id": "CSAFPID-1703190",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_safety_v17",
            "product": {
              "name": "simatic_step_7_safety_v17",
              "product_id": "CSAFPID-1703191",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_safety_v18",
            "product": {
              "name": "simatic_step_7_safety_v18",
              "product_id": "CSAFPID-1500667",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v16",
            "product": {
              "name": "simatic_step_7_v16",
              "product_id": "CSAFPID-1703187",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v17",
            "product": {
              "name": "simatic_step_7_v17",
              "product_id": "CSAFPID-1703188",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v18",
            "product": {
              "name": "simatic_step_7_v18",
              "product_id": "CSAFPID-1703189",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v5",
            "product": {
              "name": "simatic_step_7_v5",
              "product_id": "CSAFPID-1637913",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7_v5",
            "product": {
              "name": "simatic_step_7_v5",
              "product_id": "CSAFPID-1457855",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_step_7_v5:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-75563",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1550826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:8.0:update_5:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.17",
            "product": {
              "name": "simatic_wincc_oa_v3.17",
              "product_id": "CSAFPID-1637914",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.17",
            "product": {
              "name": "simatic_wincc_oa_v3.17",
              "product_id": "CSAFPID-1457956",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.18",
            "product": {
              "name": "simatic_wincc_oa_v3.18",
              "product_id": "CSAFPID-1637915",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.18",
            "product": {
              "name": "simatic_wincc_oa_v3.18",
              "product_id": "CSAFPID-1457957",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.19",
            "product": {
              "name": "simatic_wincc_oa_v3.19",
              "product_id": "CSAFPID-1637916",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa_v3.19",
            "product": {
              "name": "simatic_wincc_oa_v3.19",
              "product_id": "CSAFPID-1457958",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_oa_v3.19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-766087",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-1470067",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-165765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v16",
            "product": {
              "name": "simatic_wincc_runtime_professional_v16",
              "product_id": "CSAFPID-1637917",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v16",
            "product": {
              "name": "simatic_wincc_runtime_professional_v16",
              "product_id": "CSAFPID-1457960",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v16:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v17",
            "product": {
              "name": "simatic_wincc_runtime_professional_v17",
              "product_id": "CSAFPID-1637887",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v17",
            "product": {
              "name": "simatic_wincc_runtime_professional_v17",
              "product_id": "CSAFPID-1457961",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v18",
            "product": {
              "name": "simatic_wincc_runtime_professional_v18",
              "product_id": "CSAFPID-1501188",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v18",
            "product": {
              "name": "simatic_wincc_runtime_professional_v18",
              "product_id": "CSAFPID-1457962",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v19",
            "product": {
              "name": "simatic_wincc_runtime_professional_v19",
              "product_id": "CSAFPID-1501192",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v19",
            "product": {
              "name": "simatic_wincc_runtime_professional_v19",
              "product_id": "CSAFPID-1457963",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime",
              "product_id": "CSAFPID-744621",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime",
              "product_id": "CSAFPID-1470068",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime_v18",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime_v18",
              "product_id": "CSAFPID-1637854",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_pc_runtime_v18",
            "product": {
              "name": "simatic_wincc_unified_pc_runtime_v18",
              "product_id": "CSAFPID-1637561",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_v16",
            "product": {
              "name": "simatic_wincc_unified_v16",
              "product_id": "CSAFPID-1703192",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_v17",
            "product": {
              "name": "simatic_wincc_unified_v17",
              "product_id": "CSAFPID-1703193",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_unified_v18",
            "product": {
              "name": "simatic_wincc_unified_v18",
              "product_id": "CSAFPID-1703194",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v16",
            "product": {
              "name": "simatic_wincc_v16",
              "product_id": "CSAFPID-1702687",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v17",
            "product": {
              "name": "simatic_wincc_v17",
              "product_id": "CSAFPID-1702688",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v18",
            "product": {
              "name": "simatic_wincc_v18",
              "product_id": "CSAFPID-1703195",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.4",
            "product": {
              "name": "simatic_wincc_v7.4",
              "product_id": "CSAFPID-1501193",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.4",
            "product": {
              "name": "simatic_wincc_v7.4",
              "product_id": "CSAFPID-1457965",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.5",
            "product": {
              "name": "simatic_wincc_v7.5",
              "product_id": "CSAFPID-1501191",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.5",
            "product": {
              "name": "simatic_wincc_v7.5",
              "product_id": "CSAFPID-1457966",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v8.0",
            "product": {
              "name": "simatic_wincc_v8.0",
              "product_id": "CSAFPID-1501189",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v8.0",
            "product": {
              "name": "simatic_wincc_v8.0",
              "product_id": "CSAFPID-1457967",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simocode_es_v16",
            "product": {
              "name": "simocode_es_v16",
              "product_id": "CSAFPID-1702694",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simocode_es_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simocode_es_v17",
            "product": {
              "name": "simocode_es_v17",
              "product_id": "CSAFPID-1703196",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simocode_es_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simocode_es_v18",
            "product": {
              "name": "simocode_es_v18",
              "product_id": "CSAFPID-1703197",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simocode_es_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simotion_scout_tia_v5.4_sp1",
            "product": {
              "name": "simotion_scout_tia_v5.4_sp1",
              "product_id": "CSAFPID-1703198",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simotion_scout_tia_v5.4_sp3",
            "product": {
              "name": "simotion_scout_tia_v5.4_sp3",
              "product_id": "CSAFPID-1703199",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simotion_scout_tia_v5.5_sp1",
            "product": {
              "name": "simotion_scout_tia_v5.5_sp1",
              "product_id": "CSAFPID-1703200",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.5_sp1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive",
            "product": {
              "name": "sinamics_startdrive",
              "product_id": "CSAFPID-1625341",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive",
            "product": {
              "name": "sinamics_startdrive",
              "product_id": "CSAFPID-1470069",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive_v16",
            "product": {
              "name": "sinamics_startdrive_v16",
              "product_id": "CSAFPID-1703201",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive_v17",
            "product": {
              "name": "sinamics_startdrive_v17",
              "product_id": "CSAFPID-1703202",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinamics_startdrive_v18",
            "product": {
              "name": "sinamics_startdrive_v18",
              "product_id": "CSAFPID-1703203",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_ins",
            "product": {
              "name": "sinec_ins",
              "product_id": "CSAFPID-746925",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_network_management_system",
            "product": {
              "name": "sinec_network_management_system",
              "product_id": "CSAFPID-1691397",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_network_management_system:2.0:sp1:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-309392",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-1458012",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-1693062",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:2.0:sp2:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-1691473",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinema_remote_connect_client",
            "product": {
              "name": "sinema_remote_connect_client",
              "product_id": "CSAFPID-894438",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_one_virtual",
            "product": {
              "name": "sinumerik_one_virtual",
              "product_id": "CSAFPID-1625342",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_one_virtual:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_one_virtual",
            "product": {
              "name": "sinumerik_one_virtual",
              "product_id": "CSAFPID-1470070",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_one_virtual:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_plc_programming_tool",
            "product": {
              "name": "sinumerik_plc_programming_tool",
              "product_id": "CSAFPID-1625338",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_plc_programming_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_plc_programming_tool",
            "product": {
              "name": "sinumerik_plc_programming_tool",
              "product_id": "CSAFPID-1470071",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_plc_programming_tool:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
            "product": {
              "name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
              "product_id": "CSAFPID-1615264",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siport",
            "product": {
              "name": "siport",
              "product_id": "CSAFPID-1712847",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siport:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_safety_es_v17",
            "product": {
              "name": "sirius_safety_es_v17",
              "product_id": "CSAFPID-1703204",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_safety_es_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_safety_es_v18",
            "product": {
              "name": "sirius_safety_es_v18",
              "product_id": "CSAFPID-1703205",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_safety_es_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_soft_starter_es_v17",
            "product": {
              "name": "sirius_soft_starter_es_v17",
              "product_id": "CSAFPID-1703206",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_soft_starter_es_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sirius_soft_starter_es_v18",
            "product": {
              "name": "sirius_soft_starter_es_v18",
              "product_id": "CSAFPID-1703207",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sirius_soft_starter_es_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "solid_edge_se2024",
            "product": {
              "name": "solid_edge_se2024",
              "product_id": "CSAFPID-1680248",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spectrum_power_7",
            "product": {
              "name": "spectrum_power_7",
              "product_id": "CSAFPID-524281",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "st7_scadaconnect",
            "product": {
              "name": "st7_scadaconnect",
              "product_id": "CSAFPID-1691077",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:st7_scadaconnect:1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "st7_scadaconnect__6nh7997-5da10-0aa0_",
            "product": {
              "name": "st7_scadaconnect__6nh7997-5da10-0aa0_",
              "product_id": "CSAFPID-1703173",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:st7_scadaconnect__6nh7997-5da10-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic",
            "product": {
              "name": "telecontrol_server_basic",
              "product_id": "CSAFPID-1691051",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic:3.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_1000_v3.1",
            "product": {
              "name": "telecontrol_server_basic_1000_v3.1",
              "product_id": "CSAFPID-1712839",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_1000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_256_v3.1",
            "product": {
              "name": "telecontrol_server_basic_256_v3.1",
              "product_id": "CSAFPID-1712840",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_256_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_32_v3.1",
            "product": {
              "name": "telecontrol_server_basic_32_v3.1",
              "product_id": "CSAFPID-1712841",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_32_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_5000_v3.1",
            "product": {
              "name": "telecontrol_server_basic_5000_v3.1",
              "product_id": "CSAFPID-1712842",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_5000_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_64_v3.1",
            "product": {
              "name": "telecontrol_server_basic_64_v3.1",
              "product_id": "CSAFPID-1712843",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_64_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_8_v3.1",
            "product": {
              "name": "telecontrol_server_basic_8_v3.1",
              "product_id": "CSAFPID-1712844",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_8_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_serv_upgr",
            "product": {
              "name": "telecontrol_server_basic_serv_upgr",
              "product_id": "CSAFPID-1712845",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_serv_upgr:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_upgr_v3.1",
            "product": {
              "name": "telecontrol_server_basic_upgr_v3.1",
              "product_id": "CSAFPID-1712846",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_upgr_v3.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "telecontrol_server_basic_v3",
            "product": {
              "name": "telecontrol_server_basic_v3",
              "product_id": "CSAFPID-1637855",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:telecontrol_server_basic_v3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_connector",
            "product": {
              "name": "tia_portal_cloud_connector",
              "product_id": "CSAFPID-1625345",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_connector:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_connector",
            "product": {
              "name": "tia_portal_cloud_connector",
              "product_id": "CSAFPID-1470072",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_connector:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_v16",
            "product": {
              "name": "tia_portal_cloud_v16",
              "product_id": "CSAFPID-1712827",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_v17",
            "product": {
              "name": "tia_portal_cloud_v17",
              "product_id": "CSAFPID-1712828",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_cloud_v18",
            "product": {
              "name": "tia_portal_cloud_v18",
              "product_id": "CSAFPID-1712829",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-74798",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-75533",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-74794",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-74792",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal",
            "product": {
              "name": "totally_integrated_automation_portal",
              "product_id": "CSAFPID-1472073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v15.1",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v15.1",
              "product_id": "CSAFPID-1615531",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v15.1",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v15.1",
              "product_id": "CSAFPID-1458014",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v15.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v16",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v16",
              "product_id": "CSAFPID-1615256",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v16",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v16",
              "product_id": "CSAFPID-1458015",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v17",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v17",
              "product_id": "CSAFPID-1615257",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v17",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v17",
              "product_id": "CSAFPID-1458016",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v18",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v18",
              "product_id": "CSAFPID-1615258",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v18",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v18",
              "product_id": "CSAFPID-1458017",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v19",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v19",
              "product_id": "CSAFPID-1637618",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v19",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v19",
              "product_id": "CSAFPID-1470073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "wincc",
            "product": {
              "name": "wincc",
              "product_id": "CSAFPID-1625343",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "wincc_tia_portal",
            "product": {
              "name": "wincc_tia_portal",
              "product_id": "CSAFPID-465667",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:wincc_tia_portal:11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500",
            "product": {
              "name": "simatic_s7-1500",
              "product_id": "CSAFPID-715650",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7",
            "product": {
              "name": "simatic_s7",
              "product_id": "CSAFPID-1613729",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:siemens:simatic_s7:1500:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "cpu_1518f-4_pn\\/dp_mfp_firmware",
            "product": {
              "name": "cpu_1518f-4_pn\\/dp_mfp_firmware",
              "product_id": "CSAFPID-1691401",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:cpu_1518f-4_pn\\/dp_mfp_firmware:3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "cpu_1518f-4_pn__dp_mfp_firmware",
            "product": {
              "name": "cpu_1518f-4_pn__dp_mfp_firmware",
              "product_id": "CSAFPID-715649",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:cpu_1518f-4_pn__dp_mfp_firmware:3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_ape1808",
            "product": {
              "name": "ruggedcom_ape1808",
              "product_id": "CSAFPID-880853",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:ruggedcom_ape1808:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "ruggedcom_ape1808_firmware",
            "product": {
              "name": "ruggedcom_ape1808_firmware",
              "product_id": "CSAFPID-542833",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "security_configuration_tool",
            "product": {
              "name": "security_configuration_tool",
              "product_id": "CSAFPID-540747",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:security_configuration_tool:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siemens_simatic_s7-1500_tm_mfp",
            "product": {
              "name": "siemens_simatic_s7-1500_tm_mfp",
              "product_id": "CSAFPID-1693048",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:siemens_simatic_s7-1500_tm_mfp:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siemens_simatic_s7_-1500_tm_mfp",
            "product": {
              "name": "siemens_simatic_s7_-1500_tm_mfp",
              "product_id": "CSAFPID-907212",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:siemens_simatic_s7_-1500_tm_mfp:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siemens_telecontrol_server_basic",
            "product": {
              "name": "siemens_telecontrol_server_basic",
              "product_id": "CSAFPID-907211",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:siemens_telecontrol_server_basic:3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_mv500_firmware",
            "product": {
              "name": "simatic_mv500_firmware",
              "product_id": "CSAFPID-1692274",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_mv500_firmware:3.3.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_net_pc_software",
            "product": {
              "name": "simatic_net_pc_software",
              "product_id": "CSAFPID-1472070",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_net_pc_software:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7",
            "product": {
              "name": "simatic_pcs_7",
              "product_id": "CSAFPID-1472067",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_pcs_7:9.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp_firmware",
              "product_id": "CSAFPID-1689769",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp_firmware:3.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware",
              "product_id": "CSAFPID-766929",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware:3.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_tm_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_tm_mfp_firmware",
              "product_id": "CSAFPID-717239",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_tm_mfp_firmware",
            "product": {
              "name": "simatic_s7-1500_tm_mfp_firmware",
              "product_id": "CSAFPID-905869",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_step_7",
            "product": {
              "name": "simatic_step_7",
              "product_id": "CSAFPID-879652",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_step_7:5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1472068",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1472066",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1472072",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc:8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_oa",
            "product": {
              "name": "simatic_wincc_oa",
              "product_id": "CSAFPID-1472071",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_oa:3.17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-886176",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-165976",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-165974",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-855582",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional",
            "product": {
              "name": "simatic_wincc_runtime_professional",
              "product_id": "CSAFPID-855580",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:siemens:simatic_wincc_runtime_professional:19:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3506",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-3506",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3506.json"
        }
      ],
      "title": "CVE-2021-3506"
    },
    {
      "cve": "CVE-2023-2975",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authentication",
          "title": "CWE-287"
        },
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        },
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703073",
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-2975",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2975.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1703073",
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-2975"
    },
    {
      "cve": "CVE-2023-3341",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3341",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3341.json"
        }
      ],
      "title": "CVE-2023-3341"
    },
    {
      "cve": "CVE-2023-3446",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Use of a Cryptographic Primitive with a Risky Implementation",
          "title": "CWE-1240"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703073",
          "CSAFPID-309392",
          "CSAFPID-1637855",
          "CSAFPID-1703131",
          "CSAFPID-1703173"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3446",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3446.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703073",
            "CSAFPID-309392",
            "CSAFPID-1637855",
            "CSAFPID-1703131",
            "CSAFPID-1703173"
          ]
        }
      ],
      "title": "CVE-2023-3446"
    },
    {
      "cve": "CVE-2023-3817",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Use of a Cryptographic Primitive with a Risky Implementation",
          "title": "CWE-1240"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1613729",
          "CSAFPID-1703073",
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3817",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1613729",
            "CSAFPID-1703073",
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-3817"
    },
    {
      "cve": "CVE-2023-4236",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4236",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4236.json"
        }
      ],
      "title": "CVE-2023-4236"
    },
    {
      "cve": "CVE-2023-4408",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4408",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4408.json"
        }
      ],
      "title": "CVE-2023-4408"
    },
    {
      "cve": "CVE-2023-4807",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1637855",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4807",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4807.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1637855",
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-4807"
    },
    {
      "cve": "CVE-2023-5363",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Incorrect Provision of Specified Functionality",
          "title": "CWE-684"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5363",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5363.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-5363"
    },
    {
      "cve": "CVE-2023-5517",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5517",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5517.json"
        }
      ],
      "title": "CVE-2023-5517"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1613729",
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1637855",
          "CSAFPID-1703131",
          "CSAFPID-309392",
          "CSAFPID-1703173",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5678",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5679",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5679",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5679.json"
        }
      ],
      "title": "CVE-2023-5679"
    },
    {
      "cve": "CVE-2023-5680",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5680",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5680.json"
        }
      ],
      "title": "CVE-2023-5680"
    },
    {
      "cve": "CVE-2023-6129",
      "cwe": {
        "id": "CWE-328",
        "name": "Use of Weak Hash"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Weak Hash",
          "title": "CWE-328"
        },
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6129",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json"
        }
      ],
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2023-6237",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6237",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6237.json"
        }
      ],
      "title": "CVE-2023-6237"
    },
    {
      "cve": "CVE-2023-6516",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6516",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6516.json"
        }
      ],
      "title": "CVE-2023-6516"
    },
    {
      "cve": "CVE-2023-7104",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7104",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2023-7104"
    },
    {
      "cve": "CVE-2023-28450",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1613504",
          "CSAFPID-1613505",
          "CSAFPID-1613506",
          "CSAFPID-1613507",
          "CSAFPID-1613592",
          "CSAFPID-1613593",
          "CSAFPID-1613594",
          "CSAFPID-1613595",
          "CSAFPID-1613596",
          "CSAFPID-1613597",
          "CSAFPID-1613598"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-28450",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28450.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1613504",
            "CSAFPID-1613505",
            "CSAFPID-1613506",
            "CSAFPID-1613507",
            "CSAFPID-1613592",
            "CSAFPID-1613593",
            "CSAFPID-1613594",
            "CSAFPID-1613595",
            "CSAFPID-1613596",
            "CSAFPID-1613597",
            "CSAFPID-1613598"
          ]
        }
      ],
      "title": "CVE-2023-28450"
    },
    {
      "cve": "CVE-2023-30584",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-30584",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30584.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-30584"
    },
    {
      "cve": "CVE-2023-32002",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        },
        {
          "category": "other",
          "text": "Policy Privileges are not Assigned Consistently Between Control and Data Agents",
          "title": "CWE-1268"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32002",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32002.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32002"
    },
    {
      "cve": "CVE-2023-32003",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32003",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32003.json"
        }
      ],
      "title": "CVE-2023-32003"
    },
    {
      "cve": "CVE-2023-32004",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32004",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32004.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32004"
    },
    {
      "cve": "CVE-2023-32005",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32005",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32005.json"
        }
      ],
      "title": "CVE-2023-32005"
    },
    {
      "cve": "CVE-2023-32006",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Exposure of Sensitive Information Due to Incompatible Policies",
          "title": "CWE-213"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32006",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32006.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32006"
    },
    {
      "cve": "CVE-2023-32558",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32558",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32558.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32558"
    },
    {
      "cve": "CVE-2023-32559",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32559",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32559.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2023-32559"
    },
    {
      "cve": "CVE-2023-32736",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712825",
          "CSAFPID-1712826",
          "CSAFPID-1703190",
          "CSAFPID-1703191",
          "CSAFPID-1500667",
          "CSAFPID-1703187",
          "CSAFPID-1703188",
          "CSAFPID-1703189",
          "CSAFPID-1703192",
          "CSAFPID-1703193",
          "CSAFPID-1703194",
          "CSAFPID-1702687",
          "CSAFPID-1702688",
          "CSAFPID-1703195",
          "CSAFPID-1702694",
          "CSAFPID-1703196",
          "CSAFPID-1703197",
          "CSAFPID-1703198",
          "CSAFPID-1703199",
          "CSAFPID-1703200",
          "CSAFPID-1703201",
          "CSAFPID-1703202",
          "CSAFPID-1703203",
          "CSAFPID-1703204",
          "CSAFPID-1703205",
          "CSAFPID-1703206",
          "CSAFPID-1703207",
          "CSAFPID-1712827",
          "CSAFPID-1712828",
          "CSAFPID-1712829"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32736",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32736.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712825",
            "CSAFPID-1712826",
            "CSAFPID-1703190",
            "CSAFPID-1703191",
            "CSAFPID-1500667",
            "CSAFPID-1703187",
            "CSAFPID-1703188",
            "CSAFPID-1703189",
            "CSAFPID-1703192",
            "CSAFPID-1703193",
            "CSAFPID-1703194",
            "CSAFPID-1702687",
            "CSAFPID-1702688",
            "CSAFPID-1703195",
            "CSAFPID-1702694",
            "CSAFPID-1703196",
            "CSAFPID-1703197",
            "CSAFPID-1703198",
            "CSAFPID-1703199",
            "CSAFPID-1703200",
            "CSAFPID-1703201",
            "CSAFPID-1703202",
            "CSAFPID-1703203",
            "CSAFPID-1703204",
            "CSAFPID-1703205",
            "CSAFPID-1703206",
            "CSAFPID-1703207",
            "CSAFPID-1712827",
            "CSAFPID-1712828",
            "CSAFPID-1712829"
          ]
        }
      ],
      "title": "CVE-2023-32736"
    },
    {
      "cve": "CVE-2023-38552",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38552",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38552.json"
        }
      ],
      "title": "CVE-2023-38552"
    },
    {
      "cve": "CVE-2023-38709",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
          "title": "CWE-113"
        },
        {
          "category": "other",
          "text": "Improper Validation of Specified Quantity in Input",
          "title": "CWE-1284"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38709",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38709.json"
        }
      ],
      "title": "CVE-2023-38709"
    },
    {
      "cve": "CVE-2023-39331",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39331",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39331.json"
        }
      ],
      "title": "CVE-2023-39331"
    },
    {
      "cve": "CVE-2023-39332",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39332",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39332.json"
        }
      ],
      "title": "CVE-2023-39332"
    },
    {
      "cve": "CVE-2023-39333",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39333",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39333.json"
        }
      ],
      "title": "CVE-2023-39333"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-309392",
          "CSAFPID-1615259",
          "CSAFPID-1703173"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44487",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-309392",
            "CSAFPID-1615259",
            "CSAFPID-1703173"
          ]
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45143",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45143",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45143.json"
        }
      ],
      "title": "CVE-2023-45143"
    },
    {
      "cve": "CVE-2023-46218",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46218",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-46218"
    },
    {
      "cve": "CVE-2023-46219",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703180",
          "CSAFPID-1703181",
          "CSAFPID-1703182",
          "CSAFPID-1703183",
          "CSAFPID-1703184",
          "CSAFPID-1703185",
          "CSAFPID-1703186"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46219",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46219.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703180",
            "CSAFPID-1703181",
            "CSAFPID-1703182",
            "CSAFPID-1703183",
            "CSAFPID-1703184",
            "CSAFPID-1703185",
            "CSAFPID-1703186"
          ]
        }
      ],
      "title": "CVE-2023-46219"
    },
    {
      "cve": "CVE-2023-46280",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1458012",
          "CSAFPID-309392",
          "CSAFPID-1625338",
          "CSAFPID-1625340",
          "CSAFPID-1625341",
          "CSAFPID-75563",
          "CSAFPID-1625342",
          "CSAFPID-165765",
          "CSAFPID-1625345",
          "CSAFPID-766087",
          "CSAFPID-1637559",
          "CSAFPID-1637560",
          "CSAFPID-1637561",
          "CSAFPID-1637909",
          "CSAFPID-1637910",
          "CSAFPID-1637849",
          "CSAFPID-1637850",
          "CSAFPID-1637851",
          "CSAFPID-1637911",
          "CSAFPID-1501190",
          "CSAFPID-1637912",
          "CSAFPID-1637856",
          "CSAFPID-1637913",
          "CSAFPID-1637914",
          "CSAFPID-1637915",
          "CSAFPID-1637916",
          "CSAFPID-1637917",
          "CSAFPID-1637887",
          "CSAFPID-1501188",
          "CSAFPID-1501192",
          "CSAFPID-1637854",
          "CSAFPID-1501193",
          "CSAFPID-1501191",
          "CSAFPID-1501189",
          "CSAFPID-1615531",
          "CSAFPID-1615256",
          "CSAFPID-1615257",
          "CSAFPID-1615258",
          "CSAFPID-1637618",
          "CSAFPID-1470060",
          "CSAFPID-1470061",
          "CSAFPID-1470062",
          "CSAFPID-1470063",
          "CSAFPID-1470064",
          "CSAFPID-1457909",
          "CSAFPID-1470065",
          "CSAFPID-1470066",
          "CSAFPID-1457855",
          "CSAFPID-1457956",
          "CSAFPID-1457957",
          "CSAFPID-1457958",
          "CSAFPID-1470067",
          "CSAFPID-1457960",
          "CSAFPID-1457961",
          "CSAFPID-1457962",
          "CSAFPID-1457963",
          "CSAFPID-1470068",
          "CSAFPID-1457965",
          "CSAFPID-1457966",
          "CSAFPID-1457967",
          "CSAFPID-1470069",
          "CSAFPID-1470070",
          "CSAFPID-1470071",
          "CSAFPID-1470072",
          "CSAFPID-1458014",
          "CSAFPID-1458015",
          "CSAFPID-1458016",
          "CSAFPID-1458017",
          "CSAFPID-1470073",
          "CSAFPID-75533",
          "CSAFPID-1472069",
          "CSAFPID-1472073",
          "CSAFPID-74792",
          "CSAFPID-74794",
          "CSAFPID-1457906",
          "CSAFPID-1457907",
          "CSAFPID-1457908"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46280",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46280.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1458012",
            "CSAFPID-309392",
            "CSAFPID-1625338",
            "CSAFPID-1625340",
            "CSAFPID-1625341",
            "CSAFPID-75563",
            "CSAFPID-1625342",
            "CSAFPID-165765",
            "CSAFPID-1625345",
            "CSAFPID-766087",
            "CSAFPID-1637559",
            "CSAFPID-1637560",
            "CSAFPID-1637561",
            "CSAFPID-1637909",
            "CSAFPID-1637910",
            "CSAFPID-1637849",
            "CSAFPID-1637850",
            "CSAFPID-1637851",
            "CSAFPID-1637911",
            "CSAFPID-1501190",
            "CSAFPID-1637912",
            "CSAFPID-1637856",
            "CSAFPID-1637913",
            "CSAFPID-1637914",
            "CSAFPID-1637915",
            "CSAFPID-1637916",
            "CSAFPID-1637917",
            "CSAFPID-1637887",
            "CSAFPID-1501188",
            "CSAFPID-1501192",
            "CSAFPID-1637854",
            "CSAFPID-1501193",
            "CSAFPID-1501191",
            "CSAFPID-1501189",
            "CSAFPID-1615531",
            "CSAFPID-1615256",
            "CSAFPID-1615257",
            "CSAFPID-1615258",
            "CSAFPID-1637618",
            "CSAFPID-1470060",
            "CSAFPID-1470061",
            "CSAFPID-1470062",
            "CSAFPID-1470063",
            "CSAFPID-1470064",
            "CSAFPID-1457909",
            "CSAFPID-1470065",
            "CSAFPID-1470066",
            "CSAFPID-1457855",
            "CSAFPID-1457956",
            "CSAFPID-1457957",
            "CSAFPID-1457958",
            "CSAFPID-1470067",
            "CSAFPID-1457960",
            "CSAFPID-1457961",
            "CSAFPID-1457962",
            "CSAFPID-1457963",
            "CSAFPID-1470068",
            "CSAFPID-1457965",
            "CSAFPID-1457966",
            "CSAFPID-1457967",
            "CSAFPID-1470069",
            "CSAFPID-1470070",
            "CSAFPID-1470071",
            "CSAFPID-1470072",
            "CSAFPID-1458014",
            "CSAFPID-1458015",
            "CSAFPID-1458016",
            "CSAFPID-1458017",
            "CSAFPID-1470073",
            "CSAFPID-75533",
            "CSAFPID-1472069",
            "CSAFPID-1472073",
            "CSAFPID-74792",
            "CSAFPID-74794",
            "CSAFPID-1457906",
            "CSAFPID-1457907",
            "CSAFPID-1457908"
          ]
        }
      ],
      "title": "CVE-2023-46280"
    },
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Timing Discrepancy",
          "title": "CWE-208"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46809",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46809.json"
        }
      ],
      "title": "CVE-2023-46809"
    },
    {
      "cve": "CVE-2023-47038",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47038",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47038.json"
        }
      ],
      "title": "CVE-2023-47038"
    },
    {
      "cve": "CVE-2023-47039",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47039",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47039.json"
        }
      ],
      "title": "CVE-2023-47039"
    },
    {
      "cve": "CVE-2023-47100",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47100",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47100.json"
        }
      ],
      "title": "CVE-2023-47100"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        },
        {
          "category": "other",
          "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
          "title": "CWE-757"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615259",
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615259",
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-49441",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-49441",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49441.json"
        }
      ],
      "title": "CVE-2023-49441"
    },
    {
      "cve": "CVE-2023-50387",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50387",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50387.json"
        }
      ],
      "title": "CVE-2023-50387"
    },
    {
      "cve": "CVE-2023-50868",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50868",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50868.json"
        }
      ],
      "title": "CVE-2023-50868"
    },
    {
      "cve": "CVE-2023-52389",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-52389",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52389.json"
        }
      ],
      "title": "CVE-2023-52389"
    },
    {
      "cve": "CVE-2024-0232",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
        }
      ],
      "title": "CVE-2024-0232"
    },
    {
      "cve": "CVE-2024-0727",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1613729",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0727",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1613729",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-2004",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Cleartext Transmission of Sensitive Information",
          "title": "CWE-319"
        },
        {
          "category": "other",
          "text": "Misinterpretation of Input",
          "title": "CWE-115"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Interpretation Conflict",
          "title": "CWE-436"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2004",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2004"
    },
    {
      "cve": "CVE-2024-2379",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2379",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2379.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2379"
    },
    {
      "cve": "CVE-2024-2398",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Resource after Effective Lifetime",
          "title": "CWE-772"
        },
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2398",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2398"
    },
    {
      "cve": "CVE-2024-2466",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "Improper Validation of Certificate with Host Mismatch",
          "title": "CWE-297"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2466",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2466"
    },
    {
      "cve": "CVE-2024-2511",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improperly Controlled Sequential Memory Allocation",
          "title": "CWE-1325"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2511",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2024-2511"
    },
    {
      "cve": "CVE-2024-4603",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4603",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json"
        }
      ],
      "title": "CVE-2024-4603"
    },
    {
      "cve": "CVE-2024-4741",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4741",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
        }
      ],
      "title": "CVE-2024-4741"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-1703131"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-1703131"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-5594",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5594",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5594.json"
        }
      ],
      "title": "CVE-2024-5594"
    },
    {
      "cve": "CVE-2024-21890",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Insufficient Technical Documentation",
          "title": "CWE-1059"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21890",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21890.json"
        }
      ],
      "title": "CVE-2024-21890"
    },
    {
      "cve": "CVE-2024-21891",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21891.json"
        }
      ],
      "title": "CVE-2024-21891"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21892",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21892.json"
        }
      ],
      "title": "CVE-2024-21892"
    },
    {
      "cve": "CVE-2024-21896",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21896",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21896.json"
        }
      ],
      "title": "CVE-2024-21896"
    },
    {
      "cve": "CVE-2024-22017",
      "cwe": {
        "id": "CWE-271",
        "name": "Privilege Dropping / Lowering Errors"
      },
      "notes": [
        {
          "category": "other",
          "text": "Privilege Dropping / Lowering Errors",
          "title": "CWE-271"
        },
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22017",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22017.json"
        }
      ],
      "title": "CVE-2024-22017"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22019",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
        }
      ],
      "title": "CVE-2024-22019"
    },
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22025.json"
        }
      ],
      "title": "CVE-2024-22025"
    },
    {
      "cve": "CVE-2024-24758",
      "cwe": {
        "id": "CWE-942",
        "name": "Permissive Cross-domain Policy with Untrusted Domains"
      },
      "notes": [
        {
          "category": "other",
          "text": "Permissive Cross-domain Policy with Untrusted Domains",
          "title": "CWE-942"
        },
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24758",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24758.json"
        }
      ],
      "title": "CVE-2024-24758"
    },
    {
      "cve": "CVE-2024-24795",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
          "title": "CWE-113"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24795.json"
        }
      ],
      "title": "CVE-2024-24795"
    },
    {
      "cve": "CVE-2024-24806",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24806",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24806.json"
        }
      ],
      "title": "CVE-2024-24806"
    },
    {
      "cve": "CVE-2024-26306",
      "cwe": {
        "id": "CWE-310",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-310",
          "title": "CWE-310"
        },
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26306",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26306.json"
        }
      ],
      "title": "CVE-2024-26306"
    },
    {
      "cve": "CVE-2024-26925",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Locking",
          "title": "CWE-667"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26925",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26925.json"
        }
      ],
      "title": "CVE-2024-26925"
    },
    {
      "cve": "CVE-2024-27316",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27316",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
        }
      ],
      "title": "CVE-2024-27316"
    },
    {
      "cve": "CVE-2024-27980",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27980",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27980.json"
        }
      ],
      "title": "CVE-2024-27980"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27982",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27982.json"
        }
      ],
      "title": "CVE-2024-27982"
    },
    {
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27983",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json"
        }
      ],
      "title": "CVE-2024-27983"
    },
    {
      "cve": "CVE-2024-28882",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Resource after Effective Lifetime",
          "title": "CWE-772"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28882",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28882.json"
        }
      ],
      "title": "CVE-2024-28882"
    },
    {
      "cve": "CVE-2024-29119",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Privilege Assignment",
          "title": "CWE-266"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-524281"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29119",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29119.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-524281"
          ]
        }
      ],
      "title": "CVE-2024-29119"
    },
    {
      "cve": "CVE-2024-36140",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712832",
          "CSAFPID-1712833"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36140",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36140.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712832",
            "CSAFPID-1712833"
          ]
        }
      ],
      "title": "CVE-2024-36140"
    },
    {
      "cve": "CVE-2024-44102",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712834",
          "CSAFPID-1712835",
          "CSAFPID-1712836",
          "CSAFPID-1712837",
          "CSAFPID-1712838",
          "CSAFPID-1712839",
          "CSAFPID-1712840",
          "CSAFPID-1712841",
          "CSAFPID-1712842",
          "CSAFPID-1712843",
          "CSAFPID-1712844",
          "CSAFPID-1712845",
          "CSAFPID-1712846"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-44102",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44102.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712834",
            "CSAFPID-1712835",
            "CSAFPID-1712836",
            "CSAFPID-1712837",
            "CSAFPID-1712838",
            "CSAFPID-1712839",
            "CSAFPID-1712840",
            "CSAFPID-1712841",
            "CSAFPID-1712842",
            "CSAFPID-1712843",
            "CSAFPID-1712844",
            "CSAFPID-1712845",
            "CSAFPID-1712846"
          ]
        }
      ],
      "title": "CVE-2024-44102"
    },
    {
      "cve": "CVE-2024-46888",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46888",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46888.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46888"
    },
    {
      "cve": "CVE-2024-46889",
      "cwe": {
        "id": "CWE-321",
        "name": "Use of Hard-coded Cryptographic Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Cryptographic Key",
          "title": "CWE-321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46889",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46889.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46889"
    },
    {
      "cve": "CVE-2024-46890",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46890",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46890.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46890"
    },
    {
      "cve": "CVE-2024-46891",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46891.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46891"
    },
    {
      "cve": "CVE-2024-46892",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Session Expiration",
          "title": "CWE-613"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46892",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46892.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46892"
    },
    {
      "cve": "CVE-2024-46894",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-746925"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46894",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46894.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-746925"
          ]
        }
      ],
      "title": "CVE-2024-46894"
    },
    {
      "cve": "CVE-2024-47783",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712847"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47783",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47783.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712847"
          ]
        }
      ],
      "title": "CVE-2024-47783"
    },
    {
      "cve": "CVE-2024-47808",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-309392"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47808",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47808.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-309392"
          ]
        }
      ],
      "title": "CVE-2024-47808"
    },
    {
      "cve": "CVE-2024-47940",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1680248"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47940",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47940.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1680248"
          ]
        }
      ],
      "title": "CVE-2024-47940"
    },
    {
      "cve": "CVE-2024-47941",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1680248"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47941",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47941.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1680248"
          ]
        }
      ],
      "title": "CVE-2024-47941"
    },
    {
      "cve": "CVE-2024-47942",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Search Path Element",
          "title": "CWE-427"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1680248"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47942",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47942.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1680248"
          ]
        }
      ],
      "title": "CVE-2024-47942"
    },
    {
      "cve": "CVE-2024-50310",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712748"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50310",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50310.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712748"
          ]
        }
      ],
      "title": "CVE-2024-50310"
    },
    {
      "cve": "CVE-2024-50313",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637622",
          "CSAFPID-1637623",
          "CSAFPID-1637624",
          "CSAFPID-1637625",
          "CSAFPID-1637626"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50313",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50313.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637622",
            "CSAFPID-1637623",
            "CSAFPID-1637624",
            "CSAFPID-1637625",
            "CSAFPID-1637626"
          ]
        }
      ],
      "title": "CVE-2024-50313"
    },
    {
      "cve": "CVE-2024-50557",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50557",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50557.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50557"
    },
    {
      "cve": "CVE-2024-50558",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50558",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50558.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50558"
    },
    {
      "cve": "CVE-2024-50559",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50559",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50559.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50559"
    },
    {
      "cve": "CVE-2024-50560",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50560",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50560.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50560"
    },
    {
      "cve": "CVE-2024-50561",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50561"
    },
    {
      "cve": "CVE-2024-50572",
      "cwe": {
        "id": "CWE-74",
        "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "title": "CWE-74"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1702670",
          "CSAFPID-1702671",
          "CSAFPID-1702672",
          "CSAFPID-1712749",
          "CSAFPID-1712750",
          "CSAFPID-1702677",
          "CSAFPID-1702678",
          "CSAFPID-1702679",
          "CSAFPID-1712751",
          "CSAFPID-1712752",
          "CSAFPID-1702681",
          "CSAFPID-1712753",
          "CSAFPID-1702682",
          "CSAFPID-1702683",
          "CSAFPID-1712754",
          "CSAFPID-1712755",
          "CSAFPID-1712756",
          "CSAFPID-1712757",
          "CSAFPID-1712758",
          "CSAFPID-1712759",
          "CSAFPID-1702684",
          "CSAFPID-1702685",
          "CSAFPID-1712760",
          "CSAFPID-1712761"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50572",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50572.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1702670",
            "CSAFPID-1702671",
            "CSAFPID-1702672",
            "CSAFPID-1712749",
            "CSAFPID-1712750",
            "CSAFPID-1702677",
            "CSAFPID-1702678",
            "CSAFPID-1702679",
            "CSAFPID-1712751",
            "CSAFPID-1712752",
            "CSAFPID-1702681",
            "CSAFPID-1712753",
            "CSAFPID-1702682",
            "CSAFPID-1702683",
            "CSAFPID-1712754",
            "CSAFPID-1712755",
            "CSAFPID-1712756",
            "CSAFPID-1712757",
            "CSAFPID-1712758",
            "CSAFPID-1712759",
            "CSAFPID-1702684",
            "CSAFPID-1702685",
            "CSAFPID-1712760",
            "CSAFPID-1712761"
          ]
        }
      ],
      "title": "CVE-2024-50572"
    }
  ]
}

OPENSUSE-SU-2024:13697-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

corepack20-20.11.1-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: corepack20-20.11.1-1.1 on GA media

Description of the patch: These are all security issues fixed in the corepack20-20.11.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13697

CVE-2023-46809

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-21890

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-21891

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-21892

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-21896

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-22017

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-22025

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-24758

3.9 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2024-24806

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

33 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-46809/	self
https://www.suse.com/security/cve/CVE-2024-21890/	self
https://www.suse.com/security/cve/CVE-2024-21891/	self
https://www.suse.com/security/cve/CVE-2024-21892/	self
https://www.suse.com/security/cve/CVE-2024-21896/	self
https://www.suse.com/security/cve/CVE-2024-22017/	self
https://www.suse.com/security/cve/CVE-2024-22019/	self
https://www.suse.com/security/cve/CVE-2024-22025/	self
https://www.suse.com/security/cve/CVE-2024-24758/	self
https://www.suse.com/security/cve/CVE-2024-24806/	self
https://www.suse.com/security/cve/CVE-2023-46809	external
https://bugzilla.suse.com/1219997	external
https://www.suse.com/security/cve/CVE-2024-21890	external
https://bugzilla.suse.com/1219999	external
https://www.suse.com/security/cve/CVE-2024-21891	external
https://bugzilla.suse.com/1219998	external
https://www.suse.com/security/cve/CVE-2024-21892	external
https://bugzilla.suse.com/1219992	external
https://www.suse.com/security/cve/CVE-2024-21896	external
https://bugzilla.suse.com/1219994	external
https://www.suse.com/security/cve/CVE-2024-22017	external
https://bugzilla.suse.com/1219995	external
https://www.suse.com/security/cve/CVE-2024-22019	external
https://bugzilla.suse.com/1219993	external
https://www.suse.com/security/cve/CVE-2024-22025	external
https://bugzilla.suse.com/1220014	external
https://www.suse.com/security/cve/CVE-2024-24758	external
https://bugzilla.suse.com/1220017	external
https://www.suse.com/security/cve/CVE-2024-24806	external
https://bugzilla.suse.com/1219724	external
https://bugzilla.suse.com/1220056	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "corepack20-20.11.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the corepack20-20.11.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13697",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13697-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46809 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46809/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21890 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21891 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21891/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21892 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21892/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21896 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21896/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-22017 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-22017/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-22019 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-22019/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-22025 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-22025/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-24758 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-24758/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-24806 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-24806/"
      }
    ],
    "title": "corepack20-20.11.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13697-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.11.1-1.1.aarch64",
                "product": {
                  "name": "corepack20-20.11.1-1.1.aarch64",
                  "product_id": "corepack20-20.11.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.11.1-1.1.aarch64",
                "product": {
                  "name": "nodejs20-20.11.1-1.1.aarch64",
                  "product_id": "nodejs20-20.11.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.11.1-1.1.aarch64",
                "product": {
                  "name": "nodejs20-devel-20.11.1-1.1.aarch64",
                  "product_id": "nodejs20-devel-20.11.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.11.1-1.1.aarch64",
                "product": {
                  "name": "nodejs20-docs-20.11.1-1.1.aarch64",
                  "product_id": "nodejs20-docs-20.11.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.11.1-1.1.aarch64",
                "product": {
                  "name": "npm20-20.11.1-1.1.aarch64",
                  "product_id": "npm20-20.11.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.11.1-1.1.ppc64le",
                "product": {
                  "name": "corepack20-20.11.1-1.1.ppc64le",
                  "product_id": "corepack20-20.11.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.11.1-1.1.ppc64le",
                "product": {
                  "name": "nodejs20-20.11.1-1.1.ppc64le",
                  "product_id": "nodejs20-20.11.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.11.1-1.1.ppc64le",
                "product": {
                  "name": "nodejs20-devel-20.11.1-1.1.ppc64le",
                  "product_id": "nodejs20-devel-20.11.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.11.1-1.1.ppc64le",
                "product": {
                  "name": "nodejs20-docs-20.11.1-1.1.ppc64le",
                  "product_id": "nodejs20-docs-20.11.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.11.1-1.1.ppc64le",
                "product": {
                  "name": "npm20-20.11.1-1.1.ppc64le",
                  "product_id": "npm20-20.11.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.11.1-1.1.s390x",
                "product": {
                  "name": "corepack20-20.11.1-1.1.s390x",
                  "product_id": "corepack20-20.11.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.11.1-1.1.s390x",
                "product": {
                  "name": "nodejs20-20.11.1-1.1.s390x",
                  "product_id": "nodejs20-20.11.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.11.1-1.1.s390x",
                "product": {
                  "name": "nodejs20-devel-20.11.1-1.1.s390x",
                  "product_id": "nodejs20-devel-20.11.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.11.1-1.1.s390x",
                "product": {
                  "name": "nodejs20-docs-20.11.1-1.1.s390x",
                  "product_id": "nodejs20-docs-20.11.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.11.1-1.1.s390x",
                "product": {
                  "name": "npm20-20.11.1-1.1.s390x",
                  "product_id": "npm20-20.11.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack20-20.11.1-1.1.x86_64",
                "product": {
                  "name": "corepack20-20.11.1-1.1.x86_64",
                  "product_id": "corepack20-20.11.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-20.11.1-1.1.x86_64",
                "product": {
                  "name": "nodejs20-20.11.1-1.1.x86_64",
                  "product_id": "nodejs20-20.11.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-devel-20.11.1-1.1.x86_64",
                "product": {
                  "name": "nodejs20-devel-20.11.1-1.1.x86_64",
                  "product_id": "nodejs20-devel-20.11.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs20-docs-20.11.1-1.1.x86_64",
                "product": {
                  "name": "nodejs20-docs-20.11.1-1.1.x86_64",
                  "product_id": "nodejs20-docs-20.11.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "npm20-20.11.1-1.1.x86_64",
                "product": {
                  "name": "npm20-20.11.1-1.1.x86_64",
                  "product_id": "npm20-20.11.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64"
        },
        "product_reference": "corepack20-20.11.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le"
        },
        "product_reference": "corepack20-20.11.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.11.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x"
        },
        "product_reference": "corepack20-20.11.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack20-20.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64"
        },
        "product_reference": "corepack20-20.11.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64"
        },
        "product_reference": "nodejs20-20.11.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le"
        },
        "product_reference": "nodejs20-20.11.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.11.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x"
        },
        "product_reference": "nodejs20-20.11.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-20.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64"
        },
        "product_reference": "nodejs20-20.11.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64"
        },
        "product_reference": "nodejs20-devel-20.11.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le"
        },
        "product_reference": "nodejs20-devel-20.11.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.11.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x"
        },
        "product_reference": "nodejs20-devel-20.11.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-devel-20.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64"
        },
        "product_reference": "nodejs20-devel-20.11.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64"
        },
        "product_reference": "nodejs20-docs-20.11.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le"
        },
        "product_reference": "nodejs20-docs-20.11.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.11.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x"
        },
        "product_reference": "nodejs20-docs-20.11.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs20-docs-20.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64"
        },
        "product_reference": "nodejs20-docs-20.11.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64"
        },
        "product_reference": "npm20-20.11.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le"
        },
        "product_reference": "npm20-20.11.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.11.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x"
        },
        "product_reference": "npm20-20.11.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm20-20.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        },
        "product_reference": "npm20-20.11.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46809"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46809",
          "url": "https://www.suse.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219997 for CVE-2023-46809",
          "url": "https://bugzilla.suse.com/1219997"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-46809"
    },
    {
      "cve": "CVE-2024-21890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21890",
          "url": "https://www.suse.com/security/cve/CVE-2024-21890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219999 for CVE-2024-21890",
          "url": "https://bugzilla.suse.com/1219999"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-21890"
    },
    {
      "cve": "CVE-2024-21891",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21891"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21891",
          "url": "https://www.suse.com/security/cve/CVE-2024-21891"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219998 for CVE-2024-21891",
          "url": "https://bugzilla.suse.com/1219998"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-21891"
    },
    {
      "cve": "CVE-2024-21892",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21892"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21892",
          "url": "https://www.suse.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219992 for CVE-2024-21892",
          "url": "https://bugzilla.suse.com/1219992"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-21892"
    },
    {
      "cve": "CVE-2024-21896",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21896"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21896",
          "url": "https://www.suse.com/security/cve/CVE-2024-21896"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219994 for CVE-2024-21896",
          "url": "https://bugzilla.suse.com/1219994"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-21896"
    },
    {
      "cve": "CVE-2024-22017",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-22017"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-22017",
          "url": "https://www.suse.com/security/cve/CVE-2024-22017"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219995 for CVE-2024-22017",
          "url": "https://bugzilla.suse.com/1219995"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-22017"
    },
    {
      "cve": "CVE-2024-22019",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-22019"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-22019",
          "url": "https://www.suse.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219993 for CVE-2024-22019",
          "url": "https://bugzilla.suse.com/1219993"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-22019"
    },
    {
      "cve": "CVE-2024-22025",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-22025"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.\nThe vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL.\nAn attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-22025",
          "url": "https://www.suse.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220014 for CVE-2024-22025",
          "url": "https://bugzilla.suse.com/1220014"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-22025"
    },
    {
      "cve": "CVE-2024-24758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-24758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-24758",
          "url": "https://www.suse.com/security/cve/CVE-2024-24758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220017 for CVE-2024-24758",
          "url": "https://bugzilla.suse.com/1220017"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-24758"
    },
    {
      "cve": "CVE-2024-24806",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-24806"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
          "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-24806",
          "url": "https://www.suse.com/security/cve/CVE-2024-24806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219724 for CVE-2024-24806",
          "url": "https://bugzilla.suse.com/1219724"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220056 for CVE-2024-24806",
          "url": "https://bugzilla.suse.com/1220056"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:corepack20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-devel-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:nodejs20-docs-20.11.1-1.1.x86_64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.aarch64",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.ppc64le",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.s390x",
            "openSUSE Tumbleweed:npm20-20.11.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-24806"
    }
  ]
}

OPENSUSE-SU-2024:13698-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

corepack21-21.6.2-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: corepack21-21.6.2-1.1 on GA media

Description of the patch: These are all security issues fixed in the corepack21-21.6.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13698

CVE-2023-46809

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-21890

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-21891

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-21892

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-21896

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-22017

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-22025

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-24758

3.9 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

29 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-46809/	self
https://www.suse.com/security/cve/CVE-2024-21890/	self
https://www.suse.com/security/cve/CVE-2024-21891/	self
https://www.suse.com/security/cve/CVE-2024-21892/	self
https://www.suse.com/security/cve/CVE-2024-21896/	self
https://www.suse.com/security/cve/CVE-2024-22017/	self
https://www.suse.com/security/cve/CVE-2024-22019/	self
https://www.suse.com/security/cve/CVE-2024-22025/	self
https://www.suse.com/security/cve/CVE-2024-24758/	self
https://www.suse.com/security/cve/CVE-2023-46809	external
https://bugzilla.suse.com/1219997	external
https://www.suse.com/security/cve/CVE-2024-21890	external
https://bugzilla.suse.com/1219999	external
https://www.suse.com/security/cve/CVE-2024-21891	external
https://bugzilla.suse.com/1219998	external
https://www.suse.com/security/cve/CVE-2024-21892	external
https://bugzilla.suse.com/1219992	external
https://www.suse.com/security/cve/CVE-2024-21896	external
https://bugzilla.suse.com/1219994	external
https://www.suse.com/security/cve/CVE-2024-22017	external
https://bugzilla.suse.com/1219995	external
https://www.suse.com/security/cve/CVE-2024-22019	external
https://bugzilla.suse.com/1219993	external
https://www.suse.com/security/cve/CVE-2024-22025	external
https://bugzilla.suse.com/1220014	external
https://www.suse.com/security/cve/CVE-2024-24758	external
https://bugzilla.suse.com/1220017	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "corepack21-21.6.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the corepack21-21.6.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13698",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13698-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46809 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46809/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21890 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21891 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21891/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21892 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21892/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21896 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21896/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-22017 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-22017/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-22019 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-22019/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-22025 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-22025/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-24758 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-24758/"
      }
    ],
    "title": "corepack21-21.6.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13698-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.6.2-1.1.aarch64",
                "product": {
                  "name": "corepack21-21.6.2-1.1.aarch64",
                  "product_id": "corepack21-21.6.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.6.2-1.1.aarch64",
                "product": {
                  "name": "nodejs21-21.6.2-1.1.aarch64",
                  "product_id": "nodejs21-21.6.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.6.2-1.1.aarch64",
                "product": {
                  "name": "nodejs21-devel-21.6.2-1.1.aarch64",
                  "product_id": "nodejs21-devel-21.6.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.6.2-1.1.aarch64",
                "product": {
                  "name": "nodejs21-docs-21.6.2-1.1.aarch64",
                  "product_id": "nodejs21-docs-21.6.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.6.2-1.1.aarch64",
                "product": {
                  "name": "npm21-21.6.2-1.1.aarch64",
                  "product_id": "npm21-21.6.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.6.2-1.1.ppc64le",
                "product": {
                  "name": "corepack21-21.6.2-1.1.ppc64le",
                  "product_id": "corepack21-21.6.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.6.2-1.1.ppc64le",
                "product": {
                  "name": "nodejs21-21.6.2-1.1.ppc64le",
                  "product_id": "nodejs21-21.6.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.6.2-1.1.ppc64le",
                "product": {
                  "name": "nodejs21-devel-21.6.2-1.1.ppc64le",
                  "product_id": "nodejs21-devel-21.6.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.6.2-1.1.ppc64le",
                "product": {
                  "name": "nodejs21-docs-21.6.2-1.1.ppc64le",
                  "product_id": "nodejs21-docs-21.6.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.6.2-1.1.ppc64le",
                "product": {
                  "name": "npm21-21.6.2-1.1.ppc64le",
                  "product_id": "npm21-21.6.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.6.2-1.1.s390x",
                "product": {
                  "name": "corepack21-21.6.2-1.1.s390x",
                  "product_id": "corepack21-21.6.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.6.2-1.1.s390x",
                "product": {
                  "name": "nodejs21-21.6.2-1.1.s390x",
                  "product_id": "nodejs21-21.6.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.6.2-1.1.s390x",
                "product": {
                  "name": "nodejs21-devel-21.6.2-1.1.s390x",
                  "product_id": "nodejs21-devel-21.6.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.6.2-1.1.s390x",
                "product": {
                  "name": "nodejs21-docs-21.6.2-1.1.s390x",
                  "product_id": "nodejs21-docs-21.6.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.6.2-1.1.s390x",
                "product": {
                  "name": "npm21-21.6.2-1.1.s390x",
                  "product_id": "npm21-21.6.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "corepack21-21.6.2-1.1.x86_64",
                "product": {
                  "name": "corepack21-21.6.2-1.1.x86_64",
                  "product_id": "corepack21-21.6.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-21.6.2-1.1.x86_64",
                "product": {
                  "name": "nodejs21-21.6.2-1.1.x86_64",
                  "product_id": "nodejs21-21.6.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-devel-21.6.2-1.1.x86_64",
                "product": {
                  "name": "nodejs21-devel-21.6.2-1.1.x86_64",
                  "product_id": "nodejs21-devel-21.6.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs21-docs-21.6.2-1.1.x86_64",
                "product": {
                  "name": "nodejs21-docs-21.6.2-1.1.x86_64",
                  "product_id": "nodejs21-docs-21.6.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "npm21-21.6.2-1.1.x86_64",
                "product": {
                  "name": "npm21-21.6.2-1.1.x86_64",
                  "product_id": "npm21-21.6.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.6.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64"
        },
        "product_reference": "corepack21-21.6.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.6.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le"
        },
        "product_reference": "corepack21-21.6.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.6.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x"
        },
        "product_reference": "corepack21-21.6.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "corepack21-21.6.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64"
        },
        "product_reference": "corepack21-21.6.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.6.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64"
        },
        "product_reference": "nodejs21-21.6.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.6.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le"
        },
        "product_reference": "nodejs21-21.6.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.6.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x"
        },
        "product_reference": "nodejs21-21.6.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-21.6.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64"
        },
        "product_reference": "nodejs21-21.6.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.6.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64"
        },
        "product_reference": "nodejs21-devel-21.6.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.6.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le"
        },
        "product_reference": "nodejs21-devel-21.6.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.6.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x"
        },
        "product_reference": "nodejs21-devel-21.6.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-devel-21.6.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64"
        },
        "product_reference": "nodejs21-devel-21.6.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.6.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64"
        },
        "product_reference": "nodejs21-docs-21.6.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.6.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le"
        },
        "product_reference": "nodejs21-docs-21.6.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.6.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x"
        },
        "product_reference": "nodejs21-docs-21.6.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs21-docs-21.6.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64"
        },
        "product_reference": "nodejs21-docs-21.6.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.6.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64"
        },
        "product_reference": "npm21-21.6.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.6.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le"
        },
        "product_reference": "npm21-21.6.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.6.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x"
        },
        "product_reference": "npm21-21.6.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm21-21.6.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        },
        "product_reference": "npm21-21.6.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46809"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46809",
          "url": "https://www.suse.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219997 for CVE-2023-46809",
          "url": "https://bugzilla.suse.com/1219997"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-46809"
    },
    {
      "cve": "CVE-2024-21890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21890",
          "url": "https://www.suse.com/security/cve/CVE-2024-21890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219999 for CVE-2024-21890",
          "url": "https://bugzilla.suse.com/1219999"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-21890"
    },
    {
      "cve": "CVE-2024-21891",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21891"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21891",
          "url": "https://www.suse.com/security/cve/CVE-2024-21891"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219998 for CVE-2024-21891",
          "url": "https://bugzilla.suse.com/1219998"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-21891"
    },
    {
      "cve": "CVE-2024-21892",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21892"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21892",
          "url": "https://www.suse.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219992 for CVE-2024-21892",
          "url": "https://bugzilla.suse.com/1219992"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-21892"
    },
    {
      "cve": "CVE-2024-21896",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21896"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21896",
          "url": "https://www.suse.com/security/cve/CVE-2024-21896"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219994 for CVE-2024-21896",
          "url": "https://bugzilla.suse.com/1219994"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-21896"
    },
    {
      "cve": "CVE-2024-22017",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-22017"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-22017",
          "url": "https://www.suse.com/security/cve/CVE-2024-22017"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219995 for CVE-2024-22017",
          "url": "https://bugzilla.suse.com/1219995"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-22017"
    },
    {
      "cve": "CVE-2024-22019",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-22019"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-22019",
          "url": "https://www.suse.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219993 for CVE-2024-22019",
          "url": "https://bugzilla.suse.com/1219993"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-22019"
    },
    {
      "cve": "CVE-2024-22025",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-22025"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.\nThe vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL.\nAn attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-22025",
          "url": "https://www.suse.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220014 for CVE-2024-22025",
          "url": "https://bugzilla.suse.com/1220014"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-22025"
    },
    {
      "cve": "CVE-2024-24758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-24758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
          "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-24758",
          "url": "https://www.suse.com/security/cve/CVE-2024-24758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220017 for CVE-2024-24758",
          "url": "https://bugzilla.suse.com/1220017"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:corepack21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-devel-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:nodejs21-docs-21.6.2-1.1.x86_64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.aarch64",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.ppc64le",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.s390x",
            "openSUSE Tumbleweed:npm21-21.6.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-24758"
    }
  ]
}

RHSA-2024:1503

Vulnerability from csaf_redhat - Published: 2024-03-25 20:29 - Updated: 2026-06-03 17:12

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892) * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) * nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-46809

A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-21892

A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22019

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

References

15 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:1503	self
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-46809	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://www.cve.org/CVERecord?id=CVE-2023-46809	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46809	external
https://access.redhat.com/security/cve/CVE-2024-21892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://www.cve.org/CVERecord?id=CVE-2024-21892	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21892	external
https://access.redhat.com/security/cve/CVE-2024-22019	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://www.cve.org/CVERecord?id=CVE-2024-22019	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1503",
        "url": "https://access.redhat.com/errata/RHSA-2024:1503"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1503.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2026-06-03T17:12:49+00:00",
      "generator": {
        "date": "2026-06-03T17:12:49+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:1503",
      "initial_release_date": "2024-03-25T20:29:38+00:00",
      "revision_history": [
        {
          "date": "2024-03-25T20:29:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-03-25T20:29:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:12:49+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.3.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=src\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=noarch\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9030020240301111035:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-25T20:29:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1503"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection and privilege escalation through Linux capabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-25T20:29:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1503"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: code injection and privilege escalation through Linux capabilities"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264574"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264574",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-25T20:29:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1503"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x::nodejs:18",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks"
    }
  ]
}

RHSA-2024:1510

Vulnerability from csaf_redhat - Published: 2024-03-26 09:31 - Updated: 2026-06-03 17:12

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) * nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) * nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-46809

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-21892

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

References

18 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:1510	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-46809	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://www.cve.org/CVERecord?id=CVE-2023-46809	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46809	external
https://access.redhat.com/security/cve/CVE-2024-21892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://www.cve.org/CVERecord?id=CVE-2024-21892	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21892	external
https://access.redhat.com/security/cve/CVE-2024-22019	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://www.cve.org/CVERecord?id=CVE-2024-22019	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1510",
        "url": "https://access.redhat.com/errata/RHSA-2024:1510"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2264569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
      },
      {
        "category": "external",
        "summary": "2264574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
      },
      {
        "category": "external",
        "summary": "2264582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1510.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2026-06-03T17:12:49+00:00",
      "generator": {
        "date": "2026-06-03T17:12:49+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:1510",
      "initial_release_date": "2024-03-26T09:31:25+00:00",
      "revision_history": [
        {
          "date": "2024-03-26T09:31:25+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-03-26T09:31:25+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:12:49+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=src\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=src\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=noarch\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=noarch\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B21190%2B5ebd2c33?arch=noarch\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.9.0%2B21387%2B21356dec?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.9.0%2B21387%2B21356dec?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.9.0%2B21387%2B21356dec?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.9.0%2B21387%2B21356dec?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.9.0%2B21387%2B21356dec?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8090020240301110609:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-26T09:31:25+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1510"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection and privilege escalation through Linux capabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-26T09:31:25+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1510"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: code injection and privilege escalation through Linux capabilities"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264574"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264574",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-26T09:31:25+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1510"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:18.19.1-1.module+el8.9.0+21387+21356dec.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.src::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+21190+5ebd2c33.noarch::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.aarch64::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.s390x::nodejs:18",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks"
    }
  ]
}

RHSA-2024:1687

Vulnerability from csaf_redhat - Published: 2024-04-08 09:13 - Updated: 2026-06-03 17:12

Summary

Red Hat Security Advisory: nodejs:20 security update

Severity

Important

Notes

Topic: An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) * nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892) * nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896) * nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891) * nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890) * nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)

CVE-2023-46809

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-21890

A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.

5.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-1059 - Insufficient Technical Documentation

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-21891

A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-21892

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-21896

A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.

7.9 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Important

CVE-2024-22017

A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-269 - Improper Privilege Management

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Important

References

38 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:1687	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265717	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265720	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265722	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265727	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-46809	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://www.cve.org/CVERecord?id=CVE-2023-46809	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46809	external
https://access.redhat.com/security/cve/CVE-2024-21890	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265722	external
https://www.cve.org/CVERecord?id=CVE-2024-21890	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21890	external
https://access.redhat.com/security/cve/CVE-2024-21891	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265720	external
https://www.cve.org/CVERecord?id=CVE-2024-21891	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21891	external
https://access.redhat.com/security/cve/CVE-2024-21892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://www.cve.org/CVERecord?id=CVE-2024-21892	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21892	external
https://access.redhat.com/security/cve/CVE-2024-21896	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265717	external
https://www.cve.org/CVERecord?id=CVE-2024-21896	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21896	external
https://access.redhat.com/security/cve/CVE-2024-22017	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265727	external
https://www.cve.org/CVERecord?id=CVE-2024-22017	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22017	external
https://access.redhat.com/security/cve/CVE-2024-22019	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://www.cve.org/CVERecord?id=CVE-2024-22019	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\n* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)\n\n* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)\n\n* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)\n\n* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1687",
        "url": "https://access.redhat.com/errata/RHSA-2024:1687"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2264569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
      },
      {
        "category": "external",
        "summary": "2264574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
      },
      {
        "category": "external",
        "summary": "2264582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
      },
      {
        "category": "external",
        "summary": "2265717",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717"
      },
      {
        "category": "external",
        "summary": "2265720",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720"
      },
      {
        "category": "external",
        "summary": "2265722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722"
      },
      {
        "category": "external",
        "summary": "2265727",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1687.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:20 security update",
    "tracking": {
      "current_release_date": "2026-06-03T17:12:50+00:00",
      "generator": {
        "date": "2026-06-03T17:12:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:1687",
      "initial_release_date": "2024-04-08T09:13:52+00:00",
      "revision_history": [
        {
          "date": "2024-04-08T09:13:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-04-08T09:13:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:12:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=src\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=src\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch (nodejs:20)",
                  "product_id": "nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=noarch\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel8.9.0%2B21380%2B12032667?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel8.9.0%2B21380%2B12032667?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel8.9.0%2B21380%2B12032667?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel8.9.0%2B21380%2B12032667?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel8.9.0%2B21380%2B12032667?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240228165436:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20"
        },
        "product_reference": "nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T09:13:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1687"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)"
    },
    {
      "cve": "CVE-2024-21890",
      "cwe": {
        "id": "CWE-1059",
        "name": "Insufficient Technical Documentation"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This misleading documentation affects all users using the experimental permission model in active release lines 20.x and 21.x.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21890"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21890",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21890"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T09:13:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1687"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write"
    },
    {
      "cve": "CVE-2024-21891",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265720"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "It is a path-traversal / filesystem permission bypass vulnerability in Node.js, specifically related to the experimental permission model in versions 20 and 21, however, the \u201cpermission model\u201d feature is experimental (i.e., not default) in Node.js 20/21 at the time of disclosure, which is why this has been marked as moderate by Redhat",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21891"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265720",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21891",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21891"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T09:13:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1687"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection and privilege escalation through Linux capabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T09:13:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1687"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: code injection and privilege escalation through Linux capabilities"
    },
    {
      "cve": "CVE-2024-21896",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265717"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: path traversal by monkey-patching buffer internals",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability affects users using the experimental permission model in active release lines 20.x and 21.x.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21896"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265717",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21896",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21896",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21896"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T09:13:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1687"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: path traversal by monkey-patching buffer internals"
    },
    {
      "cve": "CVE-2024-22017",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265727"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js, where the setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: setuid() does not drop all privileges due to io_uring",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability affects all users in active release lines 20.x, and 21.x.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22017"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265727",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22017",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22017"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T09:13:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1687"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: setuid() does not drop all privileges due to io_uring"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264574"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264574",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T09:13:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1687"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el8.9.0+21380+12032667.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el8.9.0+21380+12032667.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el8.9.0+21380+12032667.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks"
    }
  ]
}

RHSA-2024:1688

Vulnerability from csaf_redhat - Published: 2024-04-08 08:54 - Updated: 2026-06-03 17:12

Summary

Red Hat Security Advisory: nodejs:20 security update

Severity

Important

Notes

Topic: An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2023-46809

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-21890

5.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-1059 - Insufficient Technical Documentation

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-21891

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-21892

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-21896

7.9 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Important

CVE-2024-22017

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-269 - Improper Privilege Management

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix

Threats

Impact Important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Important

References

38 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:1688	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265717	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265720	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265722	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265727	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-46809	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://www.cve.org/CVERecord?id=CVE-2023-46809	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46809	external
https://access.redhat.com/security/cve/CVE-2024-21890	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265722	external
https://www.cve.org/CVERecord?id=CVE-2024-21890	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21890	external
https://access.redhat.com/security/cve/CVE-2024-21891	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265720	external
https://www.cve.org/CVERecord?id=CVE-2024-21891	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21891	external
https://access.redhat.com/security/cve/CVE-2024-21892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://www.cve.org/CVERecord?id=CVE-2024-21892	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21892	external
https://access.redhat.com/security/cve/CVE-2024-21896	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265717	external
https://www.cve.org/CVERecord?id=CVE-2024-21896	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21896	external
https://access.redhat.com/security/cve/CVE-2024-22017	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265727	external
https://www.cve.org/CVERecord?id=CVE-2024-22017	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22017	external
https://access.redhat.com/security/cve/CVE-2024-22019	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://www.cve.org/CVERecord?id=CVE-2024-22019	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\n* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)\n\n* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)\n\n* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)\n\n* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1688",
        "url": "https://access.redhat.com/errata/RHSA-2024:1688"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2264569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
      },
      {
        "category": "external",
        "summary": "2264574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
      },
      {
        "category": "external",
        "summary": "2264582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
      },
      {
        "category": "external",
        "summary": "2265717",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717"
      },
      {
        "category": "external",
        "summary": "2265720",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720"
      },
      {
        "category": "external",
        "summary": "2265722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722"
      },
      {
        "category": "external",
        "summary": "2265727",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1688.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:20 security update",
    "tracking": {
      "current_release_date": "2026-06-03T17:12:50+00:00",
      "generator": {
        "date": "2026-06-03T17:12:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:1688",
      "initial_release_date": "2024-04-08T08:54:12+00:00",
      "revision_history": [
        {
          "date": "2024-04-08T08:54:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-04-08T08:54:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:12:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.3.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch (nodejs:20)",
                  "product_id": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20)",
                  "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                "product": {
                  "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20)",
                  "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9030020240229115828:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20"
        },
        "product_reference": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        },
        "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T08:54:12+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1688"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)"
    },
    {
      "cve": "CVE-2024-21890",
      "cwe": {
        "id": "CWE-1059",
        "name": "Insufficient Technical Documentation"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This misleading documentation affects all users using the experimental permission model in active release lines 20.x and 21.x.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21890"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21890",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21890"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T08:54:12+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1688"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write"
    },
    {
      "cve": "CVE-2024-21891",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265720"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "It is a path-traversal / filesystem permission bypass vulnerability in Node.js, specifically related to the experimental permission model in versions 20 and 21, however, the \u201cpermission model\u201d feature is experimental (i.e., not default) in Node.js 20/21 at the time of disclosure, which is why this has been marked as moderate by Redhat",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21891"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265720",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21891",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21891"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T08:54:12+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1688"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection and privilege escalation through Linux capabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T08:54:12+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1688"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: code injection and privilege escalation through Linux capabilities"
    },
    {
      "cve": "CVE-2024-21896",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265717"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: path traversal by monkey-patching buffer internals",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability affects users using the experimental permission model in active release lines 20.x and 21.x.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21896"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265717",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21896",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21896",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21896"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T08:54:12+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1688"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: path traversal by monkey-patching buffer internals"
    },
    {
      "cve": "CVE-2024-22017",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265727"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js, where the setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: setuid() does not drop all privileges due to io_uring",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability affects all users in active release lines 20.x, and 21.x.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22017"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265727",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22017",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22017"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T08:54:12+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1688"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: setuid() does not drop all privileges due to io_uring"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264574"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
          "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264574",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-08T08:54:12+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1688"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x::nodejs:20",
            "AppStream-9.3.0.Z.MAIN:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks"
    }
  ]
}

RHSA-2024:1880

Vulnerability from csaf_redhat - Published: 2024-04-18 02:16 - Updated: 2026-06-03 17:12

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs:18/nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) * nodejs:18/nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) * nodejs:18/nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-46809

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-21892

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

References

18 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:1880	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-46809	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://www.cve.org/CVERecord?id=CVE-2023-46809	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46809	external
https://access.redhat.com/security/cve/CVE-2024-21892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://www.cve.org/CVERecord?id=CVE-2024-21892	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21892	external
https://access.redhat.com/security/cve/CVE-2024-22019	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://www.cve.org/CVERecord?id=CVE-2024-22019	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs:18/nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs:18/nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\n* nodejs:18/nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1880",
        "url": "https://access.redhat.com/errata/RHSA-2024:1880"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2264569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
      },
      {
        "category": "external",
        "summary": "2264574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
      },
      {
        "category": "external",
        "summary": "2264582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1880.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2026-06-03T17:12:51+00:00",
      "generator": {
        "date": "2026-06-03T17:12:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:1880",
      "initial_release_date": "2024-04-18T02:16:48+00:00",
      "revision_history": [
        {
          "date": "2024-04-18T02:16:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-04-18T02:16:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:12:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
                  "product_id": "AppStream-8.8.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.8.0%2B19757%2B8ca87034?arch=src\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=src\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.8.0%2B19757%2B8ca87034?arch=noarch\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel8.8.0%2B21592%2B14a8b93e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8080020240322102042:63b34585"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
          "product_id": "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T02:16:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1880"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection and privilege escalation through Linux capabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T02:16:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1880"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: code injection and privilege escalation through Linux capabilities"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264574"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
          "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
          "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264574",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T02:16:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1880"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src::nodejs:18",
            "AppStream-8.8.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.aarch64::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.ppc64le::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.s390x::nodejs:18",
            "AppStream-8.8.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el8.8.0+21592+14a8b93e.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks"
    }
  ]
}

RHSA-2024:1932

Vulnerability from csaf_redhat - Published: 2024-04-22 01:14 - Updated: 2026-06-03 17:12

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) * nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892) * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-46809

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-21892

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

References

18 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:1932	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-46809	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://www.cve.org/CVERecord?id=CVE-2023-46809	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46809	external
https://access.redhat.com/security/cve/CVE-2024-21892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://www.cve.org/CVERecord?id=CVE-2024-21892	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21892	external
https://access.redhat.com/security/cve/CVE-2024-22019	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://www.cve.org/CVERecord?id=CVE-2024-22019	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1932",
        "url": "https://access.redhat.com/errata/RHSA-2024:1932"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2264569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
      },
      {
        "category": "external",
        "summary": "2264574",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
      },
      {
        "category": "external",
        "summary": "2264582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1932.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2026-06-03T17:12:51+00:00",
      "generator": {
        "date": "2026-06-03T17:12:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:1932",
      "initial_release_date": "2024-04-22T01:14:02+00:00",
      "revision_history": [
        {
          "date": "2024-04-22T01:14:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-04-22T01:14:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:12:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
                  "product_id": "AppStream-9.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.2.0.z%2B19753%2B58118bc0?arch=src\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.2.0.z%2B19753%2B58118bc0?arch=noarch\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18)",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.2.0%2B21594%2Ba052107e?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9020020240322155241:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
          "product_id": "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-22T01:14:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1932"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection and privilege escalation through Linux capabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-22T01:14:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1932"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: code injection and privilege escalation through Linux capabilities"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264574"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
          "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264574",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-22T01:14:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1932"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debuginfo-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-debugsource-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-devel-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-docs-1:18.19.1-1.module+el9.2.0+21594+a052107e.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-full-i18n-1:18.19.1-1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.2.0.Z.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.aarch64::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.ppc64le::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.s390x::nodejs:18",
            "AppStream-9.2.0.Z.EUS:npm-1:10.2.4-1.18.19.1.1.module+el9.2.0+21594+a052107e.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks"
    }
  ]
}

RHSA-2024_1503

Vulnerability from csaf_redhat - Published: 2024-03-25 20:29 - Updated: 2024-12-17 22:54

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

CVE-2023-46809

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 32 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-21892

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 32 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 32 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

15 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:1503	self
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-46809	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264569	external
https://www.cve.org/CVERecord?id=CVE-2023-46809	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46809	external
https://access.redhat.com/security/cve/CVE-2024-21892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264582	external
https://www.cve.org/CVERecord?id=CVE-2024-21892	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21892	external
https://access.redhat.com/security/cve/CVE-2024-22019	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264574	external
https://www.cve.org/CVERecord?id=CVE-2024-22019	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1503",
        "url": "https://access.redhat.com/errata/RHSA-2024:1503"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1503.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2024-12-17T22:54:24+00:00",
      "generator": {
        "date": "2024-12-17T22:54:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:1503",
      "initial_release_date": "2024-03-25T20:29:38+00:00",
      "revision_history": [
        {
          "date": "2024-03-25T20:29:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-03-25T20:29:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:54:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.3.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs:18:9030020240301111035:rhel9",
                "product": {
                  "name": "nodejs:18:9030020240301111035:rhel9",
                  "product_id": "nodejs:18:9030020240301111035:rhel9",
                  "product_identification_helper": {
                    "purl": "pkg:rpmmod/redhat/nodejs@18:9030020240301111035:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
                "product": {
                  "name": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
                  "product_id": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                "product": {
                  "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_id": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_id": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_id": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                "product": {
                  "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_id": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_id": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.19.1-1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
                "product": {
                  "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_id": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.2.4-1.18.19.1.1.module%2Bel9.3.0%2B21388%2B22892fb9?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
        },
        "product_reference": "nodejs:18:9030020240301111035:rhel9",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64"
        },
        "product_reference": "nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64"
        },
        "product_reference": "nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch"
        },
        "product_reference": "nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64 as a component of nodejs:18:9030020240301111035:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
        },
        "product_reference": "npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46809",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-25T20:29:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1503"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)"
    },
    {
      "cve": "CVE-2024-21892",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection and privilege escalation through Linux capabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-25T20:29:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1503"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: code injection and privilege escalation through Linux capabilities"
    },
    {
      "cve": "CVE-2024-22019",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264574"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
          "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264574",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
        }
      ],
      "release_date": "2024-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-03-25T20:29:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1503"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debuginfo-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-debugsource-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-devel-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-docs-1:18.19.1-1.module+el9.3.0+21388+22892fb9.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-full-i18n-1:18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.aarch64",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.ppc64le",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.s390x",
            "AppStream-9.3.0.Z.MAIN:nodejs:18:9030020240301111035:rhel9:npm-1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-46809 (GCVE-0-2023-46809)

Tags

Sightings

Nomenclature