rhsa-2024_1688
Vulnerability from csaf_redhat
Published
2024-04-08 08:54
Modified
2024-12-17 22:53
Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)
* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)
* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)
* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\n* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)\n\n* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)\n\n* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)\n\n* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1688", "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2264569", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569" }, { "category": "external", "summary": "2264574", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574" }, { "category": "external", "summary": "2264582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582" }, { "category": "external", "summary": "2265717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717" }, { "category": "external", "summary": "2265720", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720" }, { "category": "external", "summary": "2265722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722" }, { "category": "external", "summary": "2265727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1688.json" } ], "title": "Red Hat Security Advisory: nodejs:20 security update", "tracking": { "current_release_date": "2024-12-17T22:53:37+00:00", "generator": { "date": "2024-12-17T22:53:37+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:1688", "initial_release_date": "2024-04-08T08:54:12+00:00", "revision_history": [ { "date": "2024-04-08T08:54:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-08T08:54:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T22:53:37+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:20:9030020240229115828:rhel9", "product": { "name": "nodejs:20:9030020240229115828:rhel9", "product_id": "nodejs:20:9030020240229115828:rhel9", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@20:9030020240229115828:rhel9" } } }, { "category": "product_version", "name": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "product": { "name": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "product_id": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "product": { "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "product": { "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "product": { "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "product": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "product": { "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "product": { "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64", "product": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64", "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "product": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "product": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_id": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_id": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_id": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_id": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_id": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.11.1-1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "product": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "product_id": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.2.4-1.20.11.1.1.module%2Bel9.3.0%2B21385%2Bbac43d5a?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, "product_reference": "nodejs:20:9030020240229115828:rhel9", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64" }, "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le" }, "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x" }, "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src" }, "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64" }, "product_reference": "nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64" }, "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le" }, "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x" }, "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64" }, "product_reference": "nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64" }, "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le" }, "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x" }, "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64" }, "product_reference": "nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64" }, "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le" }, "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x" }, "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64" }, "product_reference": "nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch" }, "product_reference": "nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64" }, "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le" }, "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x" }, "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64" }, "product_reference": "nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch" }, "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src" }, "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch" }, "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src" }, "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch" }, "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64" }, "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le" }, "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x" }, "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64 as a component of nodejs:20:9030020240229115828:rhel9 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" }, "product_reference": "npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64", "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-46809", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "discovery_date": "2024-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264569" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)", "title": "Vulnerability summary" }, { "category": "other", "text": "This Node.js vulnerability poses a notable risk as it allows for covert timing side-channel attacks during RSA ciphertext decryption, potentially enabling attackers to decrypt captured data or forge signatures.\n\nIt\u0027s classified as \"Medium\" severity rather than important due to its dependency on specific conditions for exploitation, such as the use of the privateDecrypt() API with PKCS#1 v1.5 padding.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-46809" }, { "category": "external", "summary": "RHBZ#2264569", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-46809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809" } ], "release_date": "2024-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T08:54:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)" }, { "cve": "CVE-2024-21890", "cwe": { "id": "CWE-1059", "name": "Insufficient Technical Documentation" }, "discovery_date": "2024-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265722" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write", "title": "Vulnerability summary" }, { "category": "other", "text": "This misleading documentation affects all users using the experimental permission model in active release lines 20.x and 21.x.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21890" }, { "category": "external", "summary": "RHBZ#2265722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21890", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21890" } ], "release_date": "2024-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T08:54:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write" }, { "cve": "CVE-2024-21891", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265720" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability affects users using the experimental permission model in active release lines 20.x and 21.x.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21891" }, { "category": "external", "summary": "RHBZ#2265720", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21891", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21891" } ], "release_date": "2024-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T08:54:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization" }, { "cve": "CVE-2024-21892", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264582" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process\u0027s elevated privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: code injection and privilege escalation through Linux capabilities", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as an Important severity rather than Critical due to several factors. While it allows unprivileged users to inject code and potentially escalate privileges in a process running with elevated privileges, it does so under specific conditions and limitations. The vulnerability only affects Linux systems where Node.js is running with elevated privileges, and it relies on a specific bug in handling environment variables set by unprivileged users. Additionally, the impact is constrained to the Node.js environment and does not directly compromise the underlying operating system.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21892" }, { "category": "external", "summary": "RHBZ#2264582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21892", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21892" } ], "release_date": "2024-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T08:54:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: code injection and privilege escalation through Linux capabilities" }, { "cve": "CVE-2024-21896", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265717" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: path traversal by monkey-patching buffer internals", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability affects users using the experimental permission model in active release lines 20.x and 21.x.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21896" }, { "category": "external", "summary": "RHBZ#2265717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21896", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21896", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21896" } ], "release_date": "2024-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T08:54:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: path traversal by monkey-patching buffer internals" }, { "cve": "CVE-2024-22017", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "discovery_date": "2024-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265727" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js, where the setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: setuid() does not drop all privileges due to io_uring", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability affects all users in active release lines 20.x, and 21.x.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22017" }, { "category": "external", "summary": "RHBZ#2265727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22017", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22017", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22017" } ], "release_date": "2024-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T08:54:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: setuid() does not drop all privileges due to io_uring" }, { "cve": "CVE-2024-22019", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264574" } ], "notes": [ { "category": "description", "text": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks", "title": "Vulnerability summary" }, { "category": "other", "text": "While this vulnerability in Node.js HTTP servers poses a significant risk to system stability and availability, it is classified as a important severity issue rather than a critical one due to several factors. Firstly, while the vulnerability can lead to denial of service (DoS) attacks by causing resource exhaustion, it does not directly compromise the confidentiality or integrity of data stored or processed by the server. Additionally, the exploit requires the attacker to send specially crafted HTTP requests, which may limit the ease and scope of potential attacks compared to more critical vulnerabilities that can be exploited remotely without specific conditions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22019" }, { "category": "external", "summary": "RHBZ#2264574", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22019", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019" } ], "release_date": "2024-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-08T08:54:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debuginfo-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-debugsource-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-devel-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-docs-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-full-i18n-1:20.11.1-1.module+el9.3.0+21385+bac43d5a.x86_64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.aarch64", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.ppc64le", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.s390x", "AppStream-9.3.0.Z.MAIN:nodejs:20:9030020240229115828:rhel9:npm-1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.