Download
| Alert*
|
oval:org.secpod.oval:def:10000627
The host is installed with Node.js 16.x before 16.20.1, 18.x before 18.16.1, or 20.x before 20.3.1 and is prone to a security bypass vulnerability. A flaw is present in the application which fails to handle the process.mainModule.proto.require(). Successful exploitation allows an attacker to bypass ... oval:org.secpod.oval:def:1507532 nodejs [1:18.20.2-2] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 - Fixes: CVE-2023-46809 [1:18.19.0-1] - Rebase to version 18.19.0 Resolves: RHEL-21 ... oval:org.secpod.oval:def:125919 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:2600296 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:96942 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data. oval:org.secpod.oval:def:4501442 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: mainModule.proto bypass experimental policy mechanism * nodejs: process ... oval:org.secpod.oval:def:125923 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:507900 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: mainModule.proto bypass experimental policy mechanism * nodejs: process ... oval:org.secpod.oval:def:612882 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data. oval:org.secpod.oval:def:89049329 This update for nodejs12 fixes the following issues: * CVE-2023-23918: Fixed permissions policies bypass via process.mainModule . * CVE-2023-32002: Fixed permissions policies bypass via Module._load . * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire . ... oval:org.secpod.oval:def:125925 Node.js is a platform built on Chrome's JavaScript runtimefor easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:507869 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: mainModule.proto bypass experimental policy mechanism * nodejs: process ... oval:org.secpod.oval:def:89049104 This update for nodejs16 fixes the following issues: Update to version 16.20.1: * CVE-2023-30581: Fixed mainModule. **proto** Bypass Experimental Policy Mechanism . * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process . * CVE-20 ... oval:org.secpod.oval:def:1506888 nodejs [1:18.16.1-1] - Rebase to 18.16.1 Resolves: rhbz#2188292 rhbz#2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222285 nodejs-nodemon nodejs-packaging oval:org.secpod.oval:def:2600302 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:89049294 This update for nodejs14 fixes the following issues: * CVE-2023-32002: Fixed permissions policies bypass via Module._load . * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire . * CVE-2023-32559: Fixed permissions policies bypass via process.binding . * ... oval:org.secpod.oval:def:4501492 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: mainModule.proto bypass experimental policy mechanism * nodejs: process ... oval:org.secpod.oval:def:507870 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: mainModule.proto bypass experimental policy mechanism * nodejs: process ... oval:org.secpod.oval:def:2108151 Oracle Solaris 11 - ( CVE-2023-30581 ) oval:org.secpod.oval:def:125928 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:507896 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: mainModule.proto bypass experimental policy mechanism * nodejs: process ... oval:org.secpod.oval:def:1506872 nodejs [1:18.16.1-1] - Rebase to 18.16.1 Resolves: rhbz#2188290 rhbz#2166926 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222287 nodejs-nodemon nodejs-packaging [2021.06-4] - NPM bundler: also find n ... oval:org.secpod.oval:def:2501156 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:19500307 The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition.This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.Please note that at the time t ... oval:org.secpod.oval:def:2501158 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1506890 nodejs [1:16.20.1-1] - Rebase to 16.20.1 Resolves: rhbz#2188289 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222288 nodejs-nodemon nodejs-packaging oval:org.secpod.oval:def:1506899 [1:16.20.1-1] - Rebase to 16.20.1 Resolves: rhbz#2188291 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2177781 |
