cvelistv5 - cve-2023-38552

cve-2023-38552

Vulnerability from cvelistv5

Published

2023-10-18 03:55

Modified

2024-08-02 17:46

Severity

Summary

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.

References

Source	URL	Tags
support@hackerone.com	https://hackerone.com/reports/2094235	Third Party Advisory
support@hackerone.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/	Mailing List, Third Party Advisory
support@hackerone.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/	Mailing List, Third Party Advisory
support@hackerone.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/	Mailing List, Third Party Advisory
support@hackerone.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/	Mailing List, Third Party Advisory
support@hackerone.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/	Mailing List, Third Party Advisory
support@hackerone.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/	Mailing List, Third Party Advisory
support@hackerone.com	https://security.netapp.com/advisory/ntap-20231116-0013/	Third Party Advisory

Impacted products

Vendor	Product
Node.js	Node.js

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.500Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2094235"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231116-0013/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node.js",
          "vendor": "Node.js",
          "versions": [
            {
              "lessThanOrEqual": "20.8.0",
              "status": "affected",
              "version": "20.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "18.18.1",
              "status": "affected",
              "version": "18.18.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-18T03:55:18.483Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/2094235"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231116-0013/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-38552",
    "datePublished": "2023-10-18T03:55:18.483Z",
    "dateReserved": "2023-07-20T01:00:12.444Z",
    "dateUpdated": "2024-08-02T17:46:56.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-38552\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2023-10-18T04:15:11.200\",\"lastModified\":\"2024-02-16T17:11:52.637\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\\nImpacts:\\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.\"},{\"lang\":\"es\",\"value\":\"Cuando la funci\u00f3n de pol\u00edtica de Node.js verifica la integridad de un recurso con un manifiesto confiable, la aplicaci\u00f3n puede interceptar la operaci\u00f3n y devolver una suma de verificaci\u00f3n falsificada a la implementaci\u00f3n de la pol\u00edtica del nodo, deshabilitando as\u00ed efectivamente la verificaci\u00f3n de integridad. Impactos: esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de versiones activas: 18.x y 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el mecanismo de pol\u00edtica era una caracter\u00edstica experimental de Node.js.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndIncluding\":\"18.18.1\",\"matchCriteriaId\":\"F7BFC09F-B97D-4C45-939A-6EB3B1F41850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.1.0\",\"versionEndIncluding\":\"20.8.0\",\"matchCriteriaId\":\"30646F94-FCFC-4E0C-A791-CDAF1FB0498A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://hackerone.com/reports/2094235\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231116-0013/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

rhsa-2023_5849

Vulnerability from csaf_redhat

Published

2023-10-18 16:26

Modified

2024-09-16 19:53

Summary

Red Hat Security Advisory: nodejs:18 security update

Notes

Topic

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552) * nodejs: code injection via WebAssembly export names (CVE-2023-39333) * node-undici: cookie leakage (CVE-2023-45143) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)\n\n* nodejs: code injection via WebAssembly export names (CVE-2023-39333)\n\n* node-undici: cookie leakage (CVE-2023-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:5849",
        "url": "https://access.redhat.com/errata/RHSA-2023:5849"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "external",
        "summary": "2244104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
      },
      {
        "category": "external",
        "summary": "2244415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
      },
      {
        "category": "external",
        "summary": "2244418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5849.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2024-09-16T19:53:41+00:00",
      "generator": {
        "date": "2024-09-16T19:53:41+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2023:5849",
      "initial_release_date": "2023-10-18T16:26:22+00:00",
      "revision_history": [
        {
          "date": "2023-10-18T16:26:22+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-10-18T16:26:22+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T19:53:41+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.2.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs:18:9020020231015221156:rhel9",
                "product": {
                  "name": "nodejs:18:9020020231015221156:rhel9",
                  "product_id": "nodejs:18:9020020231015221156:rhel9",
                  "product_identification_helper": {
                    "purl": "pkg:rpmmod/redhat/nodejs@18:9020020231015221156:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
                "product": {
                  "name": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
                  "product_id": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.2.0.z%2B19753%2B58118bc0?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                "product": {
                  "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
                "product": {
                  "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
                  "product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.2.0.z%2B19753%2B58118bc0?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                "product": {
                  "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                "product": {
                  "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                "product": {
                  "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
        },
        "product_reference": "nodejs:18:9020020231015221156:rhel9",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
        },
        "product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
        },
        "product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
        },
        "product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src"
        },
        "product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        },
        "product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
        },
        "product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
        },
        "product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
        },
        "product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        },
        "product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch"
        },
        "product_reference": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
        "relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38552",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244415"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node\u0027s policy implementation, thus effectively disabling the integrity check.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: integrity checks according to policies can be circumvented",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-38552"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244415",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-38552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5849"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: integrity checks according to policies can be circumvented"
    },
    {
      "cve": "CVE-2023-39333",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244418"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection via WebAssembly export names",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The inclusion of nodejs:20/nodejs commenced with RHEL-9.3 GA through RHEA-2023:6529 (https://access.redhat.com/errata/RHEA-2023:6529), which inherently incorporates the fix for CVE-2023-39333. Hence, Nodejs-20, as shipped with Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39333"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244418",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5849"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs: code injection via WebAssembly export names"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5849"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    },
    {
      "cve": "CVE-2023-45143",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244104"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-undici: cookie leakage",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Since this requires a non-standard configuration, as well as control of the redirection, Red Hat rates this as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
          "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244104",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
        }
      ],
      "release_date": "2023-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5849"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available.",
          "product_ids": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
            "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "node-undici: cookie leakage"
    }
  ]
}

rhsa-2023_7205

Vulnerability from csaf_redhat

Published

2023-11-14 17:00

Modified

2024-09-16 19:58

Summary

Red Hat Security Advisory: nodejs:20 security update

Notes

Topic

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * nodejs: permission model improperly protects against path traversal (CVE-2023-39331) * nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332) * nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552) * nodejs: code injection via WebAssembly export names (CVE-2023-39333) * node-undici: cookie leakage (CVE-2023-45143) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* nodejs: permission model improperly protects against path traversal (CVE-2023-39331)\n\n* nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332)\n\n* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)\n\n* nodejs: code injection via WebAssembly export names (CVE-2023-39333)\n\n* node-undici: cookie leakage (CVE-2023-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7205",
        "url": "https://access.redhat.com/errata/RHSA-2023:7205"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "external",
        "summary": "2244104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
      },
      {
        "category": "external",
        "summary": "2244413",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244413"
      },
      {
        "category": "external",
        "summary": "2244414",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244414"
      },
      {
        "category": "external",
        "summary": "2244415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
      },
      {
        "category": "external",
        "summary": "2244418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7205.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:20 security update",
    "tracking": {
      "current_release_date": "2024-09-16T19:58:00+00:00",
      "generator": {
        "date": "2024-09-16T19:58:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2023:7205",
      "initial_release_date": "2023-11-14T17:00:27+00:00",
      "revision_history": [
        {
          "date": "2023-11-14T17:00:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-14T17:00:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T19:58:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs:20:8090020231019152822:a75119d5",
                "product": {
                  "name": "nodejs:20:8090020231019152822:a75119d5",
                  "product_id": "nodejs:20:8090020231019152822:a75119d5",
                  "product_identification_helper": {
                    "purl": "pkg:rpmmod/redhat/nodejs@20:8090020231019152822:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
                "product": {
                  "name": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
                  "product_id": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                "product": {
                  "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                "product": {
                  "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
                "product": {
                  "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
                "product": {
                  "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
                  "product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                "product": {
                  "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                "product": {
                  "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
                "product": {
                  "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                "product": {
                  "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                "product": {
                  "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
                "product": {
                  "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                "product": {
                  "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                "product": {
                  "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
                "product": {
                  "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
        },
        "product_reference": "nodejs:20:8090020231019152822:a75119d5",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
        },
        "product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
        },
        "product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
        },
        "product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src"
        },
        "product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
        },
        "product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
        },
        "product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
        },
        "product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
        },
        "product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
        },
        "product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
        },
        "product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch"
        },
        "product_reference": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64"
        },
        "product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le"
        },
        "product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x"
        },
        "product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
        },
        "product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38552",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244415"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node\u0027s policy implementation, thus effectively disabling the integrity check.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: integrity checks according to policies can be circumvented",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-38552"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244415",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-38552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7205"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: integrity checks according to policies can be circumvented"
    },
    {
      "cve": "CVE-2023-39331",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: permission model improperly protects against path traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39331"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39331",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39331",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39331"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7205"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: permission model improperly protects against path traversal"
    },
    {
      "cve": "CVE-2023-39332",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244414"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer Uint8Array objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: path traversal through path stored in Uint8Array",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39332"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244414",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244414"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39332",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39332",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39332"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7205"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: path traversal through path stored in Uint8Array"
    },
    {
      "cve": "CVE-2023-39333",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244418"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection via WebAssembly export names",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The inclusion of nodejs:20/nodejs commenced with RHEL-9.3 GA through RHEA-2023:6529 (https://access.redhat.com/errata/RHEA-2023:6529), which inherently incorporates the fix for CVE-2023-39333. Hence, Nodejs-20, as shipped with Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39333"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244418",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7205"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs: code injection via WebAssembly export names"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7205"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    },
    {
      "cve": "CVE-2023-45143",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244104"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-undici: cookie leakage",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Since this requires a non-standard configuration, as well as control of the redirection, Red Hat rates this as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
          "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244104",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
        }
      ],
      "release_date": "2023-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7205"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
            "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "node-undici: cookie leakage"
    }
  ]
}

rhsa-2023_5869

Vulnerability from csaf_redhat

Published

2023-10-18 23:16

Modified

2024-09-16 19:53

Summary

Red Hat Security Advisory: nodejs:18 security update

Notes

Topic

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. * nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552) * nodejs: code injection via WebAssembly export names (CVE-2023-39333) * node-undici: cookie leakage (CVE-2023-45143) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\n* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)\n\n* nodejs: code injection via WebAssembly export names (CVE-2023-39333)\n\n* node-undici: cookie leakage (CVE-2023-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:5869",
        "url": "https://access.redhat.com/errata/RHSA-2023:5869"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "external",
        "summary": "2244104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
      },
      {
        "category": "external",
        "summary": "2244415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
      },
      {
        "category": "external",
        "summary": "2244418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5869.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2024-09-16T19:53:38+00:00",
      "generator": {
        "date": "2024-09-16T19:53:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2023:5869",
      "initial_release_date": "2023-10-18T23:16:45+00:00",
      "revision_history": [
        {
          "date": "2023-10-18T23:16:45+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-10-18T23:16:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T19:53:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.8.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs:18:8080020231015215042:63b34585",
                "product": {
                  "name": "nodejs:18:8080020231015215042:63b34585",
                  "product_id": "nodejs:18:8080020231015215042:63b34585",
                  "product_identification_helper": {
                    "purl": "pkg:rpmmod/redhat/nodejs@18:8080020231015215042:63b34585"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
                "product": {
                  "name": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
                  "product_id": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.8.0%2B19757%2B8ca87034?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                "product": {
                  "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
                "product": {
                  "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
                  "product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.8.0%2B19757%2B8ca87034?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                "product": {
                  "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                "product": {
                  "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                "product": {
                  "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                "product": {
                  "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
                "product": {
                  "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
        },
        "product_reference": "nodejs:18:8080020231015215042:63b34585",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
        },
        "product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
        },
        "product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
        },
        "product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src"
        },
        "product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
        },
        "product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
        },
        "product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
        },
        "product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
        },
        "product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
        },
        "product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch"
        },
        "product_reference": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
        },
        "product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
        "relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38552",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244415"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node\u0027s policy implementation, thus effectively disabling the integrity check.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: integrity checks according to policies can be circumvented",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-38552"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244415",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-38552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: integrity checks according to policies can be circumvented"
    },
    {
      "cve": "CVE-2023-39333",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2023-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244418"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: code injection via WebAssembly export names",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The inclusion of nodejs:20/nodejs commenced with RHEL-9.3 GA through RHEA-2023:6529 (https://access.redhat.com/errata/RHEA-2023:6529), which inherently incorporates the fix for CVE-2023-39333. Hence, Nodejs-20, as shipped with Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39333"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244418",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
        }
      ],
      "release_date": "2023-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs: code injection via WebAssembly export names"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5869"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    },
    {
      "cve": "CVE-2023-45143",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2244104"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-undici: cookie leakage",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Since this requires a non-standard configuration, as well as control of the redirection, Red Hat rates this as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
          "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "RHBZ#2244104",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
        }
      ],
      "release_date": "2023-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5869"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available.",
          "product_ids": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
            "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "node-undici: cookie leakage"
    }
  ]
}

ghsa-x39v-frq9-5hh8

Vulnerability from github

Published

2023-10-18 06:30

Modified

2024-02-16 18:31

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-38552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-18T04:15:11Z",
    "severity": "HIGH"
  },
  "details": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.",
  "id": "GHSA-x39v-frq9-5hh8",
  "modified": "2024-02-16T18:31:04Z",
  "published": "2023-10-18T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2094235"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231116-0013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2023-2655

Vulnerability from csaf_certbund

Published

2023-10-15 22:00

Modified

2024-03-26 23:00

Summary

Node.js: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.

Angriff

Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2655 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2655.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2655 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2655"
      },
      {
        "category": "external",
        "summary": "DELL Security Update",
        "url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7114471 vom 2024-02-02",
        "url": "https://www.ibm.com/support/pages/node/7114471"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7108595 vom 2024-01-17",
        "url": "https://www.ibm.com/support/pages/node/7108595"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5589 vom 2023-12-28",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00286.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7108824 vom 2024-01-18",
        "url": "https://www.ibm.com/support/pages/node/7108824"
      },
      {
        "category": "external",
        "summary": "NodeJS Security Release vom 2023-10-13",
        "url": "https://nodejs.org/en/blog/release/v20.8.1"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-4D2FD884EA vom 2023-10-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-4d2fd884ea"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5764 vom 2023-10-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:5764"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5765 vom 2023-10-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:5765"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-F66FC0F62A vom 2023-10-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f66fc0f62a"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-E9C04D81C1 vom 2023-10-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e9c04d81c1"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-DBE64661AF vom 2023-10-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-dbe64661af"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-D5030C983C vom 2023-10-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5030c983c"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-7B52921CAE vom 2023-10-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-7b52921cae"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf"
      },
      {
        "category": "external",
        "summary": "Node.js Friday October 13 2023 Security Releases vom 2023-10-13",
        "url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5869 vom 2023-10-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:5869.html"
      },
      {
        "category": "external",
        "summary": "Jenkins Security Advisory 2023-10-18",
        "url": "https://www.jenkins.io/security/advisory/2023-10-18/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5850 vom 2023-10-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:5850"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5849 vom 2023-10-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:5849"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4132-1 vom 2023-10-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016755.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4133-1 vom 2023-10-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016754.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4150-1 vom 2023-10-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016768.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5869 vom 2023-10-23",
        "url": "https://linux.oracle.com/errata/ELSA-2023-5869.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4155-1 vom 2023-10-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016810.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5849 vom 2023-10-24",
        "url": "http://linux.oracle.com/errata/ELSA-2023-5849.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5850 vom 2023-10-24",
        "url": "http://linux.oracle.com/errata/ELSA-2023-5850.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5765 vom 2023-10-24",
        "url": "http://linux.oracle.com/errata/ELSA-2023-5765.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4207-1 vom 2023-10-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016859.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4259-1 vom 2023-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016918.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4295-1 vom 2023-10-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016945.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4374-1 vom 2023-11-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016996.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4373-1 vom 2023-11-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016997.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7205 vom 2023-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:7205"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-7205 vom 2023-11-23",
        "url": "https://linux.oracle.com/errata/ELSA-2023-7205.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1444 vom 2024-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:1444"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-1444 vom 2024-03-21",
        "url": "https://linux.oracle.com/errata/ELSA-2024-1444.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:1444 vom 2024-03-27",
        "url": "https://errata.build.resf.org/RLSA-2024:1444"
      }
    ],
    "source_lang": "en-US",
    "title": "Node.js: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-03-26T23:00:00.000+00:00",
      "generator": {
        "date": "2024-03-27T10:38:26.595+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2655",
      "initial_release_date": "2023-10-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora und Red Hat aufgenommen"
        },
        {
          "date": "2023-10-18T22:00:00.000+00:00",
          "number": "3",
          "summary": "Node.js LTS Version erg\u00e4nzt"
        },
        {
          "date": "2023-10-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-10-22T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-10-23T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
        },
        {
          "date": "2023-10-24T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-10-26T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-10-30T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-10-31T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-11-06T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-11-14T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-22T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-12-27T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-01-16T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-18T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-28T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-02-04T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-03-03T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2024-03-20T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-03-21T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-03-26T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        }
      ],
      "status": "final",
      "version": "22"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vProxy\u003c 19.9.0.4",
                "product": {
                  "name": "Dell NetWorker vProxy\u003c 19.9.0.4",
                  "product_id": "T032377",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:vproxy_19.9.0.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vProxy\u003c 19.10",
                "product": {
                  "name": "Dell NetWorker vProxy\u003c 19.10",
                  "product_id": "T032378",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:vproxy_19.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.0.1.0 - 12.0.10.0",
                "product": {
                  "name": "IBM App Connect Enterprise 12.0.1.0 - 12.0.10.0",
                  "product_id": "T032246",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM App Connect Enterprise",
                "product": {
                  "name": "IBM App Connect Enterprise",
                  "product_id": "T032495",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          },
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c weekly 2.428",
                "product": {
                  "name": "Jenkins Jenkins \u003c weekly 2.428",
                  "product_id": "T030677",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cloudbees:jenkins:weekly_2.428"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c LTS 2.414.3",
                "product": {
                  "name": "Jenkins Jenkins \u003c LTS 2.414.3",
                  "product_id": "T030678",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cloudbees:jenkins:lts_2.414.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jenkins"
          }
        ],
        "category": "vendor",
        "name": "Jenkins"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 20.8.1",
                "product": {
                  "name": "Open Source Node.js \u003c 20.8.1",
                  "product_id": "T030520",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nodejs:nodejs:20.8.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 18.18.2",
                "product": {
                  "name": "Open Source Node.js \u003c 18.18.2",
                  "product_id": "T030675",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nodejs:nodejs:18.18.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Node.js"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v7",
                "product": {
                  "name": "Xerox FreeFlow Print Server v7",
                  "product_id": "T015631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "v9",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9",
                  "product_id": "T015632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38552",
      "notes": [
        {
          "category": "description",
          "text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032377",
          "T032246",
          "T032378",
          "T030677",
          "67646",
          "T030678",
          "T015632",
          "T015631",
          "T004914",
          "T032255",
          "74185",
          "T032495",
          "2951",
          "T002207",
          "T019704"
        ]
      },
      "release_date": "2023-10-15T22:00:00Z",
      "title": "CVE-2023-38552"
    },
    {
      "cve": "CVE-2023-39331",
      "notes": [
        {
          "category": "description",
          "text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032377",
          "T032246",
          "T032378",
          "T030677",
          "67646",
          "T030678",
          "T015632",
          "T015631",
          "T004914",
          "T032255",
          "74185",
          "T032495",
          "2951",
          "T002207",
          "T019704"
        ]
      },
      "release_date": "2023-10-15T22:00:00Z",
      "title": "CVE-2023-39331"
    },
    {
      "cve": "CVE-2023-39332",
      "notes": [
        {
          "category": "description",
          "text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032377",
          "T032246",
          "T032378",
          "T030677",
          "67646",
          "T030678",
          "T015632",
          "T015631",
          "T004914",
          "T032255",
          "74185",
          "T032495",
          "2951",
          "T002207",
          "T019704"
        ]
      },
      "release_date": "2023-10-15T22:00:00Z",
      "title": "CVE-2023-39332"
    },
    {
      "cve": "CVE-2023-39333",
      "notes": [
        {
          "category": "description",
          "text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032377",
          "T032246",
          "T032378",
          "T030677",
          "67646",
          "T030678",
          "T015632",
          "T015631",
          "T004914",
          "T032255",
          "74185",
          "T032495",
          "2951",
          "T002207",
          "T019704"
        ]
      },
      "release_date": "2023-10-15T22:00:00Z",
      "title": "CVE-2023-39333"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032377",
          "T032246",
          "T032378",
          "T030677",
          "67646",
          "T030678",
          "T015632",
          "T015631",
          "T004914",
          "T032255",
          "74185",
          "T032495",
          "2951",
          "T002207",
          "T019704"
        ]
      },
      "release_date": "2023-10-15T22:00:00Z",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45143",
      "notes": [
        {
          "category": "description",
          "text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032377",
          "T032246",
          "T032378",
          "T030677",
          "67646",
          "T030678",
          "T015632",
          "T015631",
          "T004914",
          "T032255",
          "74185",
          "T032495",
          "2951",
          "T002207",
          "T019704"
        ]
      },
      "release_date": "2023-10-15T22:00:00Z",
      "title": "CVE-2023-45143"
    }
  ]
}

gsd-2023-38552

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-38552

Aliases

CVE-2023-38552

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-38552",
    "id": "GSD-2023-38552"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-38552"
      ],
      "details": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.",
      "id": "GSD-2023-38552",
      "modified": "2023-12-13T01:20:35.446090Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2023-38552",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Node.js",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "20.8.0",
                          "version_value": "20.8.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "18.18.1",
                          "version_value": "18.18.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Node.js"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://hackerone.com/reports/2094235",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/2094235"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231116-0013/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231116-0013/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F7BFC09F-B97D-4C45-939A-6EB3B1F41850",
                    "versionEndIncluding": "18.18.1",
                    "versionStartIncluding": "18.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "30646F94-FCFC-4E0C-A791-CDAF1FB0498A",
                    "versionEndIncluding": "20.8.0",
                    "versionStartIncluding": "20.1.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node\u0027s policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js."
          },
          {
            "lang": "es",
            "value": "Cuando la funci\u00f3n de pol\u00edtica de Node.js verifica la integridad de un recurso con un manifiesto confiable, la aplicaci\u00f3n puede interceptar la operaci\u00f3n y devolver una suma de verificaci\u00f3n falsificada a la implementaci\u00f3n de la pol\u00edtica del nodo, deshabilitando as\u00ed efectivamente la verificaci\u00f3n de integridad. Impactos: esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de versiones activas: 18.x y 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el mecanismo de pol\u00edtica era una caracter\u00edstica experimental de Node.js."
          }
        ],
        "id": "CVE-2023-38552",
        "lastModified": "2024-02-16T17:11:52.637",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-10-18T04:15:11.200",
        "references": [
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://hackerone.com/reports/2094235"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231116-0013/"
          }
        ],
        "sourceIdentifier": "support@hackerone.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-345"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Action not permitted

cve-2023-38552

Vulnerability from cvelistv5

rhsa-2023_5849

Vulnerability from csaf_redhat

rhsa-2023_7205

Vulnerability from csaf_redhat

rhsa-2023_5869

Vulnerability from csaf_redhat

ghsa-x39v-frq9-5hh8

Vulnerability from github

wid-sec-w-2023-2655

Vulnerability from csaf_certbund

gsd-2023-38552

Vulnerability from gsd

Tags