[RHSA-2024:2910] nodejs security update
Severity
Important
Affected Packages
18
CVEs
5
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
nodejs: CONTINUATION frames DoS (CVE-2024-27983)
nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID
- RHSA-2024:2910
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2024:2910
- Published
-
2024-05-20T00:00:00
(4 months ago) - Modified
-
2024-05-20T00:00:00
(4 months ago) - Rights
- Copyright 2024 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2024-1935
-
ALAS2-2024-2494
-
ALAS2-2024-2523
-
ALPINE:CVE-2024-25629
-
ALPINE:CVE-2024-27982
-
ALPINE:CVE-2024-27983
-
ALSA-2024:2778
-
ALSA-2024:2779
-
ALSA-2024:2780
-
ALSA-2024:2853
-
ALSA-2024:2910
-
ALSA-2024:3501
-
ALSA-2024:3842
-
ALSA-2024:4249
-
ALSA-2024:4252
-
ELSA-2024-2778
-
ELSA-2024-2779
-
ELSA-2024-2780
-
ELSA-2024-2853
-
ELSA-2024-2910
-
ELSA-2024-3501
-
ELSA-2024-3842
-
ELSA-2024-4249
-
ELSA-2024-4252
-
FEDORA-2024-2f15e6e876
-
FEDORA-2024-2ffe03eaa6
-
FEDORA-2024-5dc487ee89
-
FEDORA-2024-835800b552
-
FEDORA-2024-9963d77dcb
-
FEDORA-2024-a00de83de9
-
FEDORA-2024-d351e7318e
-
FEDORA-2024-da8cdd8414
-
FEDORA-2024-e28ccc9c17
-
FEDORA-2024-ec22e51ec2
-
FEDORA-2024-f83b123d63
-
FREEBSD:255BF44C-D298-11EE-9C27-40B034429ECF
-
FREEBSD:77A6F1C9-D7D2-11EE-BB12-001B217B3468
-
GLSA-202408-10
-
RHSA-2024:2778
-
RHSA-2024:2779
-
RHSA-2024:2780
-
RHSA-2024:2853
-
RHSA-2024:3501
-
RHSA-2024:3842
-
RHSA-2024:4249
-
RHSA-2024:4252
-
RLSA-2024:2910
-
RLSA-2024:3501
-
SSA:2024-095-02
-
SUSE-SU-2024:0643-1
-
SUSE-SU-2024:0644-1
-
SUSE-SU-2024:0728-1
-
SUSE-SU-2024:0729-1
-
SUSE-SU-2024:0730-1
-
SUSE-SU-2024:0731-1
-
SUSE-SU-2024:0732-1
-
SUSE-SU-2024:0733-1
-
SUSE-SU-2024:1135-1
-
SUSE-SU-2024:1136-1
-
SUSE-SU-2024:1136-2
-
SUSE-SU-2024:1156-1
-
SUSE-SU-2024:1167-1
-
SUSE-SU-2024:1167-2
-
SUSE-SU-2024:1301-1
-
SUSE-SU-2024:1305-1
-
SUSE-SU-2024:1306-1
-
SUSE-SU-2024:1307-1
-
SUSE-SU-2024:1308-1
-
SUSE-SU-2024:1309-1
-
SUSE-SU-2024:1346-1
-
SUSE-SU-2024:1355-1
-
USN-6676-1
-
USN-6754-1
-
USN-6754-2
-
VU:421644
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 2265713 |
|
|
| Bugzilla | 2268639 |
|
|
| Bugzilla | 2270559 |
|
|
| Bugzilla | 2272764 |
|
|
| Bugzilla | 2275392 |
|
|
| RHSA | RHSA-2024:2910 |
|
|
| CVE | CVE-2024-22025 |
|
|
| CVE | CVE-2024-25629 |
|
|
| CVE | CVE-2024-27982 |
|
|
| CVE | CVE-2024-27983 |
|
|
| CVE | CVE-2024-28182 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/npm?arch=x86_64&distro=redhat-9.4 | redhat |
 npm
|
< 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | x86_64 | |
| Affected | pkg:rpm/redhat/npm?arch=s390x&distro=redhat-9.4 | redhat |
npm
|
< 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | s390x | |
| Affected | pkg:rpm/redhat/npm?arch=ppc64le&distro=redhat-9.4 | redhat |
npm
|
< 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | ppc64le | |
| Affected | pkg:rpm/redhat/npm?arch=aarch64&distro=redhat-9.4 | redhat |
npm
|
< 8.19.4-1.16.20.2.8.el9_4 | redhat-9.4 | aarch64 | |
| Affected | pkg:rpm/redhat/nodejs?arch=x86_64&distro=redhat-9.4 | redhat |
nodejs
|
< 16.20.2-8.el9_4 | redhat-9.4 | x86_64 | |
| Affected | pkg:rpm/redhat/nodejs?arch=s390x&distro=redhat-9.4 | redhat |
nodejs
|
< 16.20.2-8.el9_4 | redhat-9.4 | s390x | |
| Affected | pkg:rpm/redhat/nodejs?arch=ppc64le&distro=redhat-9.4 | redhat |
nodejs
|
< 16.20.2-8.el9_4 | redhat-9.4 | ppc64le | |
| Affected | pkg:rpm/redhat/nodejs?arch=aarch64&distro=redhat-9.4 | redhat |
nodejs
|
< 16.20.2-8.el9_4 | redhat-9.4 | aarch64 | |
| Affected | pkg:rpm/redhat/nodejs-libs?arch=x86_64&distro=redhat-9.4 | redhat |
nodejs-libs
|
< 16.20.2-8.el9_4 | redhat-9.4 | x86_64 | |
| Affected | pkg:rpm/redhat/nodejs-libs?arch=s390x&distro=redhat-9.4 | redhat |
nodejs-libs
|
< 16.20.2-8.el9_4 | redhat-9.4 | s390x | |
| Affected | pkg:rpm/redhat/nodejs-libs?arch=ppc64le&distro=redhat-9.4 | redhat |
nodejs-libs
|
< 16.20.2-8.el9_4 | redhat-9.4 | ppc64le | |
| Affected | pkg:rpm/redhat/nodejs-libs?arch=i686&distro=redhat-9.4 | redhat |
nodejs-libs
|
< 16.20.2-8.el9_4 | redhat-9.4 | i686 | |
| Affected | pkg:rpm/redhat/nodejs-libs?arch=aarch64&distro=redhat-9.4 | redhat |
nodejs-libs
|
< 16.20.2-8.el9_4 | redhat-9.4 | aarch64 | |
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=x86_64&distro=redhat-9.4 | redhat |
nodejs-full-i18n
|
< 16.20.2-8.el9_4 | redhat-9.4 | x86_64 | |
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=s390x&distro=redhat-9.4 | redhat |
nodejs-full-i18n
|
< 16.20.2-8.el9_4 | redhat-9.4 | s390x | |
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=ppc64le&distro=redhat-9.4 | redhat |
nodejs-full-i18n
|
< 16.20.2-8.el9_4 | redhat-9.4 | ppc64le | |
| Affected | pkg:rpm/redhat/nodejs-full-i18n?arch=aarch64&distro=redhat-9.4 | redhat |
nodejs-full-i18n
|
< 16.20.2-8.el9_4 | redhat-9.4 | aarch64 | |
| Affected | pkg:rpm/redhat/nodejs-docs?distro=redhat-9.4 | redhat |
nodejs-docs
|
< 16.20.2-8.el9_4 | redhat-9.4 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |