Action not permitted
Modal body text goes here.
cve-2023-45143
Vulnerability from cvelistv5
Published
2023-10-12 16:35
Modified
2024-09-17 13:17
Severity
Summary
Undici's cookie header not cleared on cross-origin redirect in fetch
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
},
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"
},
{
"name": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76"
},
{
"name": "https://hackerone.com/reports/2166948",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/2166948"
},
{
"name": "https://github.com/nodejs/undici/releases/tag/v5.26.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nodejs/undici/releases/tag/v5.26.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:10:30.877905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:17:57.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "undici",
"vendor": "nodejs",
"versions": [
{
"status": "affected",
"version": "\u003c 5.26.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici\u0027s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T16:35:40.637Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
},
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"
},
{
"name": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76"
},
{
"name": "https://hackerone.com/reports/2166948",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2166948"
},
{
"name": "https://github.com/nodejs/undici/releases/tag/v5.26.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/releases/tag/v5.26.2"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
}
],
"source": {
"advisory": "GHSA-wqq4-5wpv-mx2g",
"discovery": "UNKNOWN"
},
"title": "Undici\u0027s cookie header not cleared on cross-origin redirect in fetch"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45143",
"datePublished": "2023-10-12T16:35:40.637Z",
"dateReserved": "2023-10-04T16:02:46.330Z",
"dateUpdated": "2024-09-17T13:17:57.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45143\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-12T17:15:10.087\",\"lastModified\":\"2024-02-16T16:09:02.490\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici\u0027s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.\"},{\"lang\":\"es\",\"value\":\"Undici es un cliente HTTP/1.1 escrito desde cero para Node.js. Antes de la versi\u00f3n 5.26.2, Undici ya borraba los encabezados de Autorizaci\u00f3n en redireccionamientos entre or\u00edgenes, pero no borraba los encabezados de \\\"Cookie\\\". Por dise\u00f1o, los encabezados de \\\"cookie\\\" son encabezados de solicitud prohibidos, lo que no permite que se establezcan en RequestInit.headers en entornos de navegador. Dado que undici maneja los encabezados de manera m\u00e1s liberal que la especificaci\u00f3n, hubo una desconexi\u00f3n con las suposiciones que hizo la especificaci\u00f3n y la implementaci\u00f3n de fetch por parte de undici. Como tal, esto puede provocar una fuga accidental de cookies a un sitio de terceros o que un atacante malicioso que pueda controlar el objetivo de la redirecci\u00f3n (es decir, un redirector abierto) filtre la cookie al sitio de terceros. Esto fue parcheado en la versi\u00f3n 5.26.2. No se conocen workarounds.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":3.9,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"5.26.2\",\"matchCriteriaId\":\"6264C00F-837E-4B54-86E0-855BA2AFC80B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/releases/tag/v5.26.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2166948\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2023_5849
Vulnerability from csaf_redhat
Published
2023-10-18 16:26
Modified
2024-09-16 19:53
Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
* nodejs: code injection via WebAssembly export names (CVE-2023-39333)
* node-undici: cookie leakage (CVE-2023-45143)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)\n\n* nodejs: code injection via WebAssembly export names (CVE-2023-39333)\n\n* node-undici: cookie leakage (CVE-2023-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5849",
"url": "https://access.redhat.com/errata/RHSA-2023:5849"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2244104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
},
{
"category": "external",
"summary": "2244415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
},
{
"category": "external",
"summary": "2244418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5849.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2024-09-16T19:53:41+00:00",
"generator": {
"date": "2024-09-16T19:53:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5849",
"initial_release_date": "2023-10-18T16:26:22+00:00",
"revision_history": [
{
"date": "2023-10-18T16:26:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T16:26:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T19:53:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:18:9020020231015221156:rhel9",
"product": {
"name": "nodejs:18:9020020231015221156:rhel9",
"product_id": "nodejs:18:9020020231015221156:rhel9",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@18:9020020231015221156:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"product": {
"name": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"product_id": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.2.0.z%2B19753%2B58118bc0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"product": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.2.0.z%2B19753%2B58118bc0?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_id": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_id": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_id": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_id": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_id": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_id": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.2.module%2Bel9.2.0.z%2B20408%2B7cb5fda5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
"product_reference": "nodejs:18:9020020231015221156:rhel9",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
},
"product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
},
"product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
},
"product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src"
},
"product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
},
"product_reference": "nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
},
"product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
},
"product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
},
"product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
},
"product_reference": "nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
},
"product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
},
"product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
},
"product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
},
"product_reference": "nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch"
},
"product_reference": "nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64 as a component of nodejs:18:9020020231015221156:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38552",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244415"
}
],
"notes": [
{
"category": "description",
"text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node\u0027s policy implementation, thus effectively disabling the integrity check.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: integrity checks according to policies can be circumvented",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38552"
},
{
"category": "external",
"summary": "RHBZ#2244415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: integrity checks according to policies can be circumvented"
},
{
"cve": "CVE-2023-39333",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244418"
}
],
"notes": [
{
"category": "description",
"text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: code injection via WebAssembly export names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The inclusion of nodejs:20/nodejs commenced with RHEL-9.3 GA through RHEA-2023:6529 (https://access.redhat.com/errata/RHEA-2023:6529), which inherently incorporates the fix for CVE-2023-39333. Hence, Nodejs-20, as shipped with Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39333"
},
{
"category": "external",
"summary": "RHBZ#2244418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: code injection via WebAssembly export names"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5849"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"cve": "CVE-2023-45143",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-undici: cookie leakage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since this requires a non-standard configuration, as well as control of the redirection, Red Hat rates this as having a Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45143"
},
{
"category": "external",
"summary": "RHBZ#2244104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5849"
},
{
"category": "workaround",
"details": "No current mitigation is available.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debuginfo-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-debugsource-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-devel-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-docs-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-full-i18n-1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.2.0.z+19753+58118bc0.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:nodejs:18:9020020231015221156:rhel9:npm-1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-undici: cookie leakage"
}
]
}
rhsa-2023_7205
Vulnerability from csaf_redhat
Published
2023-11-14 17:00
Modified
2024-09-16 19:58
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* nodejs: permission model improperly protects against path traversal (CVE-2023-39331)
* nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332)
* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
* nodejs: code injection via WebAssembly export names (CVE-2023-39333)
* node-undici: cookie leakage (CVE-2023-45143)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* nodejs: permission model improperly protects against path traversal (CVE-2023-39331)\n\n* nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332)\n\n* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)\n\n* nodejs: code injection via WebAssembly export names (CVE-2023-39333)\n\n* node-undici: cookie leakage (CVE-2023-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7205",
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2244104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
},
{
"category": "external",
"summary": "2244413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244413"
},
{
"category": "external",
"summary": "2244414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244414"
},
{
"category": "external",
"summary": "2244415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
},
{
"category": "external",
"summary": "2244418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7205.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2024-09-16T19:58:00+00:00",
"generator": {
"date": "2024-09-16T19:58:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:7205",
"initial_release_date": "2023-11-14T17:00:27+00:00",
"revision_history": [
{
"date": "2023-11-14T17:00:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-14T17:00:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T19:58:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:20:8090020231019152822:a75119d5",
"product": {
"name": "nodejs:20:8090020231019152822:a75119d5",
"product_id": "nodejs:20:8090020231019152822:a75119d5",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@20:8090020231019152822:a75119d5"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"product": {
"name": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"product_id": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"product": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"product": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"product": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_id": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_id": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_id": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_id": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_id": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.8.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
"product": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_id": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.1.0-1.20.8.1.1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
"product_reference": "nodejs:20:8090020231019152822:a75119d5",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
},
"product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
},
"product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
},
"product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src"
},
"product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
},
"product_reference": "nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
},
"product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
},
"product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
},
"product_reference": "nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
},
"product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
},
"product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
},
"product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
},
"product_reference": "nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
},
"product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
},
"product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
},
"product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
},
"product_reference": "nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch"
},
"product_reference": "nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64"
},
"product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x"
},
"product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64"
},
"product_reference": "nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64"
},
"product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le"
},
"product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x"
},
"product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64 as a component of nodejs:20:8090020231019152822:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
},
"product_reference": "npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38552",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244415"
}
],
"notes": [
{
"category": "description",
"text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node\u0027s policy implementation, thus effectively disabling the integrity check.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: integrity checks according to policies can be circumvented",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38552"
},
{
"category": "external",
"summary": "RHBZ#2244415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: integrity checks according to policies can be circumvented"
},
{
"cve": "CVE-2023-39331",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244413"
}
],
"notes": [
{
"category": "description",
"text": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: permission model improperly protects against path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39331"
},
{
"category": "external",
"summary": "RHBZ#2244413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39331"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: permission model improperly protects against path traversal"
},
{
"cve": "CVE-2023-39332",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244414"
}
],
"notes": [
{
"category": "description",
"text": "Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer Uint8Array objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: path traversal through path stored in Uint8Array",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39332"
},
{
"category": "external",
"summary": "RHBZ#2244414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244414"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39332",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39332"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: path traversal through path stored in Uint8Array"
},
{
"cve": "CVE-2023-39333",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244418"
}
],
"notes": [
{
"category": "description",
"text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: code injection via WebAssembly export names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The inclusion of nodejs:20/nodejs commenced with RHEL-9.3 GA through RHEA-2023:6529 (https://access.redhat.com/errata/RHEA-2023:6529), which inherently incorporates the fix for CVE-2023-39333. Hence, Nodejs-20, as shipped with Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39333"
},
{
"category": "external",
"summary": "RHBZ#2244418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: code injection via WebAssembly export names"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"cve": "CVE-2023-45143",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-undici: cookie leakage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since this requires a non-standard configuration, as well as control of the redirection, Red Hat rates this as having a Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45143"
},
{
"category": "external",
"summary": "RHBZ#2244104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
},
{
"category": "workaround",
"details": "No current mitigation is available.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debuginfo-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-debugsource-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-devel-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-docs-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-full-i18n-1:20.8.1-1.module+el8.9.0+20473+c4e3d824.x86_64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.aarch64",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.ppc64le",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.s390x",
"AppStream-8.9.0.Z.MAIN:nodejs:20:8090020231019152822:a75119d5:npm-1:10.1.0-1.20.8.1.1.module+el8.9.0+20473+c4e3d824.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-undici: cookie leakage"
}
]
}
rhsa-2023_5869
Vulnerability from csaf_redhat
Published
2023-10-18 23:16
Modified
2024-09-16 19:53
Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
* nodejs: code injection via WebAssembly export names (CVE-2023-39333)
* node-undici: cookie leakage (CVE-2023-45143)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\n* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)\n\n* nodejs: code injection via WebAssembly export names (CVE-2023-39333)\n\n* node-undici: cookie leakage (CVE-2023-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5869",
"url": "https://access.redhat.com/errata/RHSA-2023:5869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2244104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
},
{
"category": "external",
"summary": "2244415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
},
{
"category": "external",
"summary": "2244418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5869.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2024-09-16T19:53:38+00:00",
"generator": {
"date": "2024-09-16T19:53:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5869",
"initial_release_date": "2023-10-18T23:16:45+00:00",
"revision_history": [
{
"date": "2023-10-18T23:16:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T23:16:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T19:53:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs:18:8080020231015215042:63b34585",
"product": {
"name": "nodejs:18:8080020231015215042:63b34585",
"product_id": "nodejs:18:8080020231015215042:63b34585",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/nodejs@18:8080020231015215042:63b34585"
}
}
},
{
"category": "product_version",
"name": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"product": {
"name": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"product_id": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.8.0%2B19757%2B8ca87034?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"product": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.8.0%2B19757%2B8ca87034?arch=src"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.7.0%2B15582%2B19c314fa?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_id": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_id": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_id": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_id": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_id": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.18.2-1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
"product": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_id": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@9.8.1-1.18.18.2.1.module%2Bel8.8.0%2B20407%2Bc11d40bd?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
"product_reference": "nodejs:18:8080020231015215042:63b34585",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
},
"product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
},
"product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
},
"product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src"
},
"product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
},
"product_reference": "nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
},
"product_reference": "nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
},
"product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
},
"product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
},
"product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
},
"product_reference": "nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
},
"product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
},
"product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
},
"product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
},
"product_reference": "nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch"
},
"product_reference": "nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64"
},
"product_reference": "nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64 as a component of nodejs:18:8080020231015215042:63b34585 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
},
"product_reference": "npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38552",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244415"
}
],
"notes": [
{
"category": "description",
"text": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node\u0027s policy implementation, thus effectively disabling the integrity check.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: integrity checks according to policies can be circumvented",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38552"
},
{
"category": "external",
"summary": "RHBZ#2244415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5869"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: integrity checks according to policies can be circumvented"
},
{
"cve": "CVE-2023-39333",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244418"
}
],
"notes": [
{
"category": "description",
"text": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: code injection via WebAssembly export names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The inclusion of nodejs:20/nodejs commenced with RHEL-9.3 GA through RHEA-2023:6529 (https://access.redhat.com/errata/RHEA-2023:6529), which inherently incorporates the fix for CVE-2023-39333. Hence, Nodejs-20, as shipped with Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39333"
},
{
"category": "external",
"summary": "RHBZ#2244418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5869"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: code injection via WebAssembly export names"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5869"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"cve": "CVE-2023-45143",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2244104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-undici: cookie leakage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since this requires a non-standard configuration, as well as control of the redirection, Red Hat rates this as having a Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45143"
},
{
"category": "external",
"summary": "RHBZ#2244104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5869"
},
{
"category": "workaround",
"details": "No current mitigation is available.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debuginfo-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-debugsource-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-devel-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-docs-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-full-i18n-1:18.18.2-1.module+el8.8.0+20407+c11d40bd.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-nodemon-0:3.0.1-1.module+el8.8.0+19757+8ca87034.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-0:2021.06-4.module+el8.7.0+15582+19c314fa.src",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+15582+19c314fa.noarch",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:nodejs:18:8080020231015215042:63b34585:npm-1:9.8.1-1.18.18.2.1.module+el8.8.0+20407+c11d40bd.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "node-undici: cookie leakage"
}
]
}
gsd-2023-45143
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-45143",
"id": "GSD-2023-45143"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45143"
],
"details": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici\u0027s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.",
"id": "GSD-2023-45143",
"modified": "2023-12-13T01:20:38.473287Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-45143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "undici",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 5.26.2"
}
]
}
}
]
},
"vendor_name": "nodejs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici\u0027s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-200",
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"refsource": "MISC",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
},
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"refsource": "MISC",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"
},
{
"name": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
"refsource": "MISC",
"url": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76"
},
{
"name": "https://hackerone.com/reports/2166948",
"refsource": "MISC",
"url": "https://hackerone.com/reports/2166948"
},
{
"name": "https://github.com/nodejs/undici/releases/tag/v5.26.2",
"refsource": "MISC",
"url": "https://github.com/nodejs/undici/releases/tag/v5.26.2"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
}
]
},
"source": {
"advisory": "GHSA-wqq4-5wpv-mx2g",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6264C00F-837E-4B54-86E0-855BA2AFC80B",
"versionEndExcluding": "5.26.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici\u0027s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds."
},
{
"lang": "es",
"value": "Undici es un cliente HTTP/1.1 escrito desde cero para Node.js. Antes de la versi\u00f3n 5.26.2, Undici ya borraba los encabezados de Autorizaci\u00f3n en redireccionamientos entre or\u00edgenes, pero no borraba los encabezados de \"Cookie\". Por dise\u00f1o, los encabezados de \"cookie\" son encabezados de solicitud prohibidos, lo que no permite que se establezcan en RequestInit.headers en entornos de navegador. Dado que undici maneja los encabezados de manera m\u00e1s liberal que la especificaci\u00f3n, hubo una desconexi\u00f3n con las suposiciones que hizo la especificaci\u00f3n y la implementaci\u00f3n de fetch por parte de undici. Como tal, esto puede provocar una fuga accidental de cookies a un sitio de terceros o que un atacante malicioso que pueda controlar el objetivo de la redirecci\u00f3n (es decir, un redirector abierto) filtre la cookie al sitio de terceros. Esto fue parcheado en la versi\u00f3n 5.26.2. No se conocen workarounds."
}
],
"id": "CVE-2023-45143",
"lastModified": "2024-02-16T16:09:02.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2023-10-12T17:15:10.087",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nodejs/undici/releases/tag/v5.26.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/2166948"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
}
}
}
ghsa-wqq4-5wpv-mx2g
Vulnerability from github
Published
2023-10-16 14:05
Modified
2024-02-16 22:37
Severity
Summary
Undici's cookie header not cleared on cross-origin redirect in fetch
Details
Impact
Undici clears Authorization headers on cross-origin redirects, but does not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch.
As such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.
Patches
This was patched in e041de359221ebeae04c469e8aff4145764e6d76, which is included in version 5.26.2.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.26.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-45143"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-16T14:05:37Z",
"nvd_published_at": "2023-10-12T17:15:10Z",
"severity": "LOW"
},
"details": "### Impact\n\nUndici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici\u0027s implementation of fetch.\n\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2.\n",
"id": "GHSA-wqq4-5wpv-mx2g",
"modified": "2024-02-16T22:37:23Z",
"published": "2023-10-16T14:05:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45143"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2166948"
},
{
"type": "PACKAGE",
"url": "https://github.com/nodejs/undici"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/releases/tag/v5.26.2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Undici\u0027s cookie header not cleared on cross-origin redirect in fetch"
}
wid-sec-w-2023-2655
Vulnerability from csaf_certbund
Published
2023-10-15 22:00
Modified
2024-03-26 23:00
Summary
Node.js: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.
Angriff
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2655 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2655.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2655 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2655"
},
{
"category": "external",
"summary": "DELL Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7114471 vom 2024-02-02",
"url": "https://www.ibm.com/support/pages/node/7114471"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108595 vom 2024-01-17",
"url": "https://www.ibm.com/support/pages/node/7108595"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5589 vom 2023-12-28",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00286.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108824 vom 2024-01-18",
"url": "https://www.ibm.com/support/pages/node/7108824"
},
{
"category": "external",
"summary": "NodeJS Security Release vom 2023-10-13",
"url": "https://nodejs.org/en/blog/release/v20.8.1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-4D2FD884EA vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-4d2fd884ea"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5764 vom 2023-10-17",
"url": "https://access.redhat.com/errata/RHSA-2023:5764"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5765 vom 2023-10-17",
"url": "https://access.redhat.com/errata/RHSA-2023:5765"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-F66FC0F62A vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f66fc0f62a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-E9C04D81C1 vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e9c04d81c1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-DBE64661AF vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-dbe64661af"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-D5030C983C vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5030c983c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-7B52921CAE vom 2023-10-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-7b52921cae"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf"
},
{
"category": "external",
"summary": "Node.js Friday October 13 2023 Security Releases vom 2023-10-13",
"url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5869 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5869.html"
},
{
"category": "external",
"summary": "Jenkins Security Advisory 2023-10-18",
"url": "https://www.jenkins.io/security/advisory/2023-10-18/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5850 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5850"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5849 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5849"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4132-1 vom 2023-10-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016755.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4133-1 vom 2023-10-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016754.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4150-1 vom 2023-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016768.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5869 vom 2023-10-23",
"url": "https://linux.oracle.com/errata/ELSA-2023-5869.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4155-1 vom 2023-10-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016810.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5849 vom 2023-10-24",
"url": "http://linux.oracle.com/errata/ELSA-2023-5849.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5850 vom 2023-10-24",
"url": "http://linux.oracle.com/errata/ELSA-2023-5850.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5765 vom 2023-10-24",
"url": "http://linux.oracle.com/errata/ELSA-2023-5765.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4207-1 vom 2023-10-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016859.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4259-1 vom 2023-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016918.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4295-1 vom 2023-10-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016945.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4374-1 vom 2023-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016996.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4373-1 vom 2023-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016997.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7205 vom 2023-11-15",
"url": "https://access.redhat.com/errata/RHSA-2023:7205"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-7205 vom 2023-11-23",
"url": "https://linux.oracle.com/errata/ELSA-2023-7205.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1444 vom 2024-03-20",
"url": "https://access.redhat.com/errata/RHSA-2024:1444"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1444 vom 2024-03-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-1444.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1444 vom 2024-03-27",
"url": "https://errata.build.resf.org/RLSA-2024:1444"
}
],
"source_lang": "en-US",
"title": "Node.js: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-03-26T23:00:00.000+00:00",
"generator": {
"date": "2024-03-27T10:38:26.595+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2655",
"initial_release_date": "2023-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora und Red Hat aufgenommen"
},
{
"date": "2023-10-18T22:00:00.000+00:00",
"number": "3",
"summary": "Node.js LTS Version erg\u00e4nzt"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-06T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-22T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-12-27T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-18T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-03-03T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-21T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-26T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "22"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy\u003c 19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy\u003c 19.9.0.4",
"product_id": "T032377",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.9.0.4"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c 19.10",
"product": {
"name": "Dell NetWorker vProxy\u003c 19.10",
"product_id": "T032378",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.0.1.0 - 12.0.10.0",
"product": {
"name": "IBM App Connect Enterprise 12.0.1.0 - 12.0.10.0",
"product_id": "T032246",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0"
}
}
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c weekly 2.428",
"product": {
"name": "Jenkins Jenkins \u003c weekly 2.428",
"product_id": "T030677",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:weekly_2.428"
}
}
},
{
"category": "product_version_range",
"name": "\u003c LTS 2.414.3",
"product": {
"name": "Jenkins Jenkins \u003c LTS 2.414.3",
"product_id": "T030678",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:lts_2.414.3"
}
}
}
],
"category": "product_name",
"name": "Jenkins"
}
],
"category": "vendor",
"name": "Jenkins"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 20.8.1",
"product": {
"name": "Open Source Node.js \u003c 20.8.1",
"product_id": "T030520",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:20.8.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 18.18.2",
"product": {
"name": "Open Source Node.js \u003c 18.18.2",
"product_id": "T030675",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:18.18.2"
}
}
}
],
"category": "product_name",
"name": "Node.js"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v7",
"product": {
"name": "Xerox FreeFlow Print Server v7",
"product_id": "T015631",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7"
}
}
},
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38552",
"notes": [
{
"category": "description",
"text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032377",
"T032246",
"T032378",
"T030677",
"67646",
"T030678",
"T015632",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00Z",
"title": "CVE-2023-38552"
},
{
"cve": "CVE-2023-39331",
"notes": [
{
"category": "description",
"text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032377",
"T032246",
"T032378",
"T030677",
"67646",
"T030678",
"T015632",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00Z",
"title": "CVE-2023-39331"
},
{
"cve": "CVE-2023-39332",
"notes": [
{
"category": "description",
"text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032377",
"T032246",
"T032378",
"T030677",
"67646",
"T030678",
"T015632",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00Z",
"title": "CVE-2023-39332"
},
{
"cve": "CVE-2023-39333",
"notes": [
{
"category": "description",
"text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032377",
"T032246",
"T032378",
"T030677",
"67646",
"T030678",
"T015632",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00Z",
"title": "CVE-2023-39333"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032377",
"T032246",
"T032378",
"T030677",
"67646",
"T030678",
"T015632",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00Z",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45143",
"notes": [
{
"category": "description",
"text": "In Node.js existieren mehrere Schwachstellen. Diese sind auf Fehler in Komponenten, fehlerhafte Patches, Umgehbarkeit von Kontrollen zu Berechtigungen sowie eine Anf\u00e4lligkeit f\u00fcr eine Code-Injection zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032377",
"T032246",
"T032378",
"T030677",
"67646",
"T030678",
"T015632",
"T015631",
"T004914",
"T032255",
"74185",
"T032495",
"2951",
"T002207",
"T019704"
]
},
"release_date": "2023-10-15T22:00:00Z",
"title": "CVE-2023-45143"
}
]
}
Loading...