[RHSA-2024:2910] nodejs security update
Severity: Important
Affected Packages: 18
CVEs: 5
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- nodejs: CONTINUATION frames DoS (CVE-2024-27983)
- nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
- nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
- nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
- c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID: RHSA-2024:2910
- Severity: important
- URL: https://access.redhat.com/errata/RHSA-2024:2910
- Published: 2024-05-20T00:00:00 (4 months ago)
- Modified: 2024-05-20T00:00:00 (4 months ago)
- Rights: Copyright 2024 Red Hat, Inc.

Other Advisories:
- ALAS-2024-1935
- ALAS2-2024-2494
- ALAS2-2024-2523
- ALPINE:CVE-2024-25629
- ALPINE:CVE-2024-27982
- ALPINE:CVE-2024-27983
- ALSA-2024:2778
- ALSA-2024:2779
- ALSA-2024:2780
- ALSA-2024:2853
- ALSA-2024:2910
- ALSA-2024:3501
- ALSA-2024:3842
- ALSA-2024:4249
- ALSA-2024:4252
- ELSA-2024-2778
- ELSA-2024-2779
- ELSA-2024-2780
- ELSA-2024-2853
- ELSA-2024-2910
- ELSA-2024-3501
- ELSA-2024-3842
- ELSA-2024-4249
- ELSA-2024-4252
- FEDORA-2024-2f15e6e876
- FEDORA-2024-2ffe03eaa6
- FEDORA-2024-5dc487ee89
- FEDORA-2024-835800b552
- FEDORA-2024-9963d77dcb
- FEDORA-2024-a00de83de9
- FEDORA-2024-d351e7318e
- FEDORA-2024-da8cdd8414
- FEDORA-2024-e28ccc9c17
- FEDORA-2024-ec22e51ec2
- FEDORA-2024-f83b123d63
- FREEBSD:255BF44C-D298-11EE-9C27-40B034429ECF
- FREEBSD:77A6F1C9-D7D2-11EE-BB12-001B217B3468
- GLSA-202408-10
- RHSA-2024:2778
- RHSA-2024:2779
- RHSA-2024:2780
- RHSA-2024:2853
- RHSA-2024:3501
- RHSA-2024:3842
- RHSA-2024:4249
- RHSA-2024:4252
- RLSA-2024:2910
- RLSA-2024:3501
- SSA:2024-095-02
- SUSE-SU-2024:0643-1
- SUSE-SU-2024:0644-1
- SUSE-SU-2024:0728-1
- SUSE-SU-2024:0729-1
- SUSE-SU-2024:0730-1
- SUSE-SU-2024:0731-1
- SUSE-SU-2024:0732-1
- SUSE-SU-2024:0733-1
- SUSE-SU-2024:1135-1
- SUSE-SU-2024:1136-1
- SUSE-SU-2024:1136-2
- SUSE-SU-2024:1156-1
- SUSE-SU-2024:1167-1
- SUSE-SU-2024:1167-2
- SUSE-SU-2024:1301-1
- SUSE-SU-2024:1305-1
- SUSE-SU-2024:1306-1
- SUSE-SU-2024:1307-1
- SUSE-SU-2024:1308-1
- SUSE-SU-2024:1309-1
- SUSE-SU-2024:1346-1
- SUSE-SU-2024:1355-1
- USN-6676-1
- USN-6754-1
- USN-6754-2
- VU:421644

Source | ID | URL |
---|---|---|
Bugzilla | 2265713 | https://bugzilla.redhat.com/2265713 |
Bugzilla | 2268639 | https://bugzilla.redhat.com/2268639 |
Bugzilla | 2270559 | https://bugzilla.redhat.com/2270559 |
Bugzilla | 2272764 | https://bugzilla.redhat.com/2272764 |
Bugzilla | 2275392 | https://bugzilla.redhat.com/2275392 |
RHSA | RHSA-2024:2910 | https://access.redhat.com/errata/RHSA-2024:2910 |
CVE | CVE-2024-22025 | https://access.redhat.com/security/cve/CVE-2024-22025 |
CVE | CVE-2024-25629 | https://access.redhat.com/security/cve/CVE-2024-25629 |
CVE | CVE-2024-27982 | https://access.redhat.com/security/cve/CVE-2024-27982 |
CVE | CVE-2024-27983 | https://access.redhat.com/security/cve/CVE-2024-27983 |
CVE | CVE-2024-28182 | https://access.redhat.com/security/cve/CVE-2024-28182 |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/npm?arch=x86_64&distro=redhat-9.4 | redhat | npm | < 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | x86_64 | |
Affected | pkg:rpm/redhat/npm?arch=s390x&distro=redhat-9.4 | redhat | npm | < 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | s390x | |
Affected | pkg:rpm/redhat/npm?arch=ppc64le&distro=redhat-9.4 | redhat | npm | < 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | ppc64le | |
Affected | pkg:rpm/redhat/npm?arch=aarch64&distro=redhat-9.4 | redhat | npm | < 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | aarch64 | |
Affected | pkg:rpm/redhat/nodejs?arch=x86_64&distro=redhat-9.4 | redhat | nodejs | < 16.20.2-8.el9_4 | redhat-9.4 | x86_64 | |
Affected | pkg:rpm/redhat/nodejs?arch=s390x&distro=redhat-9.4 | redhat | nodejs | < 16.20.2-8.el9_4 | redhat-9.4 | s390x | |
Affected | pkg:rpm/redhat/nodejs?arch=ppc64le&distro=redhat-9.4 | redhat | nodejs | < 16.20.2-8.el9_4 | redhat-9.4 | ppc64le | |
Affected | pkg:rpm/redhat/nodejs?arch=aarch64&distro=redhat-9.4 | redhat | nodejs | < 16.20.2-8.el9_4 | redhat-9.4 | aarch64 | |
Affected | pkg:rpm/redhat/nodejs-libs?arch=x86_64&distro=redhat-9.4 | redhat | nodejs-libs | < 16.20.2-8.el9_4 | redhat-9.4 | x86_64 | |
Affected | pkg:rpm/redhat/nodejs-libs?arch=s390x&distro=redhat-9.4 | redhat | nodejs-libs | < 16.20.2-8.el9_4 | redhat-9.4 | s390x | |
Affected | pkg:rpm/redhat/nodejs-libs?arch=ppc64le&distro=redhat-9.4 | redhat | nodejs-libs | < 16.20.2-8.el9_4 | redhat-9.4 | ppc64le | |
Affected | pkg:rpm/redhat/nodejs-libs?arch=i686&distro=redhat-9.4 | redhat | nodejs-libs | < 16.20.2-8.el9_4 | redhat-9.4 | i686 | |
Affected | pkg:rpm/redhat/nodejs-libs?arch=aarch64&distro=redhat-9.4 | redhat | nodejs-libs | < 16.20.2-8.el9_4 | redhat-9.4 | aarch64 | |
Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=x86_64&distro=redhat-9.4 | redhat | nodejs-full-i18n | < 16.20.2-8.el9_4 | redhat-9.4 | x86_64 | |
Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=s390x&distro=redhat-9.4 | redhat | nodejs-full-i18n | < 16.20.2-8.el9_4 | redhat-9.4 | s390x | |
Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=ppc64le&distro=redhat-9.4 | redhat | nodejs-full-i18n | < 16.20.2-8.el9_4 | redhat-9.4 | ppc64le | |
Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=aarch64&distro=redhat-9.4 | redhat | nodejs-full-i18n | < 16.20.2-8.el9_4 | redhat-9.4 | aarch64 | |
Affected | pkg:rpm/redhat/nodejs-docs?distro=redhat-9.4 | redhat | nodejs-docs | < 16.20.2-8.el9_4 | redhat-9.4 | | |