[RHSA-2024:2778] nodejs:20 security update
Severity
Important
Affected Packages
20
CVEs
5
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
nodejs: CONTINUATION frames DoS (CVE-2024-27983)
nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- ID
- RHSA-2024:2778
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2024:2778
- Published
-
2024-05-09T00:00:00
(4 months ago) - Modified
-
2024-05-09T00:00:00
(4 months ago) - Rights
- Copyright 2024 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2024-1935
-
ALAS2-2024-2494
-
ALAS2-2024-2523
-
ALPINE:CVE-2024-25629
-
ALPINE:CVE-2024-27982
-
ALPINE:CVE-2024-27983
-
ALSA-2024:2778
-
ALSA-2024:2779
-
ALSA-2024:2780
-
ALSA-2024:2853
-
ALSA-2024:2910
-
ALSA-2024:3501
-
ALSA-2024:3842
-
ALSA-2024:4249
-
ALSA-2024:4252
-
ELSA-2024-2778
-
ELSA-2024-2779
-
ELSA-2024-2780
-
ELSA-2024-2853
-
ELSA-2024-2910
-
ELSA-2024-3501
-
ELSA-2024-3842
-
ELSA-2024-4249
-
ELSA-2024-4252
-
FEDORA-2024-2f15e6e876
-
FEDORA-2024-2ffe03eaa6
-
FEDORA-2024-5dc487ee89
-
FEDORA-2024-835800b552
-
FEDORA-2024-9963d77dcb
-
FEDORA-2024-a00de83de9
-
FEDORA-2024-d351e7318e
-
FEDORA-2024-da8cdd8414
-
FEDORA-2024-e28ccc9c17
-
FEDORA-2024-ec22e51ec2
-
FEDORA-2024-f83b123d63
-
FREEBSD:255BF44C-D298-11EE-9C27-40B034429ECF
-
FREEBSD:77A6F1C9-D7D2-11EE-BB12-001B217B3468
-
GLSA-202408-10
-
RHSA-2024:2779
-
RHSA-2024:2780
-
RHSA-2024:2853
-
RHSA-2024:2910
-
RHSA-2024:3501
-
RHSA-2024:3842
-
RHSA-2024:4249
-
RHSA-2024:4252
-
RLSA-2024:2910
-
RLSA-2024:3501
-
SSA:2024-095-02
-
SUSE-SU-2024:0643-1
-
SUSE-SU-2024:0644-1
-
SUSE-SU-2024:0728-1
-
SUSE-SU-2024:0729-1
-
SUSE-SU-2024:0730-1
-
SUSE-SU-2024:0731-1
-
SUSE-SU-2024:0732-1
-
SUSE-SU-2024:0733-1
-
SUSE-SU-2024:1135-1
-
SUSE-SU-2024:1136-1
-
SUSE-SU-2024:1136-2
-
SUSE-SU-2024:1156-1
-
SUSE-SU-2024:1167-1
-
SUSE-SU-2024:1167-2
-
SUSE-SU-2024:1301-1
-
SUSE-SU-2024:1305-1
-
SUSE-SU-2024:1306-1
-
SUSE-SU-2024:1307-1
-
SUSE-SU-2024:1308-1
-
SUSE-SU-2024:1309-1
-
SUSE-SU-2024:1346-1
-
SUSE-SU-2024:1355-1
-
USN-6676-1
-
USN-6754-1
-
USN-6754-2
-
VU:421644
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 2265713 |
|
|
| Bugzilla | 2268639 |
|
|
| Bugzilla | 2270559 |
|
|
| Bugzilla | 2272764 |
|
|
| Bugzilla | 2275392 |
|
|
| RHSA | RHSA-2024:2778 |
|
|
| CVE | CVE-2024-22025 |
|
|
| CVE | CVE-2024-25629 |
|
|
| CVE | CVE-2024-27982 |
|
|
| CVE | CVE-2024-27983 |
|
|
| CVE | CVE-2024-28182 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/npm?arch=x86_64&distro=redhat-8.9 | redhat |
 npm
|
< 10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/npm?arch=s390x&distro=redhat-8.9 | redhat |
npm
|
< 10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/npm?arch=ppc64le&distro=redhat-8.9 | redhat |
npm
|
< 10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/npm?arch=aarch64&distro=redhat-8.9 | redhat |
npm
|
< 10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | aarch64 | |
| Affected | pkg:rpm/redhat/nodejs?arch=x86_64&distro=redhat-8.9 | redhat |
nodejs
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/nodejs?arch=s390x&distro=redhat-8.9 | redhat |
nodejs
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/nodejs?arch=ppc64le&distro=redhat-8.9 | redhat |
nodejs
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/nodejs?arch=aarch64&distro=redhat-8.9 | redhat |
nodejs
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | aarch64 | |
| Affected | pkg:rpm/redhat/nodejs-packaging?distro=redhat-8.9 | redhat |
nodejs-packaging
|
< 2021.06-4.module+el8.9.0+19519+e25b965a | redhat-8.9 | ||
| Affected | pkg:rpm/redhat/nodejs-packaging-bundler?distro=redhat-8.9 | redhat |
nodejs-packaging-bundler
|
< 2021.06-4.module+el8.9.0+19519+e25b965a | redhat-8.9 | ||
| Affected | pkg:rpm/redhat/nodejs-nodemon?distro=redhat-8.9 | redhat |
nodejs-nodemon
|
< 3.0.1-1.module+el8.9.0+20473+c4e3d824 | redhat-8.9 | ||
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=x86_64&distro=redhat-8.9 | redhat |
nodejs-full-i18n
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=s390x&distro=redhat-8.9 | redhat |
nodejs-full-i18n
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=ppc64le&distro=redhat-8.9 | redhat |
nodejs-full-i18n
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=aarch64&distro=redhat-8.9 | redhat |
nodejs-full-i18n
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | aarch64 | |
| Affected | pkg:rpm/redhat/nodejs-docs?distro=redhat-8.9 | redhat |
nodejs-docs
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | ||
| Affected | pkg:rpm/redhat/nodejs-devel?arch=x86_64&distro=redhat-8.9 | redhat |
nodejs-devel
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/nodejs-devel?arch=s390x&distro=redhat-8.9 | redhat |
nodejs-devel
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/nodejs-devel?arch=ppc64le&distro=redhat-8.9 | redhat |
nodejs-devel
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/nodejs-devel?arch=aarch64&distro=redhat-8.9 | redhat |
nodejs-devel
|
< 20.12.2-2.module+el8.9.0+21743+0b3f1be2 | redhat-8.9 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |