RHSA-2023:7205 -- Oracle nodejs_npmID: oval:org.secpod.oval:def:95287 | Date: (C)2023-12-01 (M)2024-04-29 |
Class: PATCH | Family: unix |
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * nodejs: permission model improperly protects against path traversal (CVE-2023-39331) * nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332) * nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552) * nodejs: code injection via WebAssembly export names (CVE-2023-39333) * node-undici: cookie leakage (CVE-2023-45143)
Platform: |
Red Hat Enterprise Linux 8 |