[USN-6735-1] Node.js vulnerabilities

Several security issues were fixed in Node.js.

It was discovered that Node.js incorrectly handled the use of invalid public
keys while creating an x509 certificate. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service. This issue only affected
Ubuntu 23.10. (CVE-2023-30588)

It was discovered that Node.js incorrectly handled the use of CRLF sequences to
delimit HTTP requests. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain unauthorised access. This issue only affected
Ubuntu 23.10. (CVE-2023-30589)

It was discovered that Node.js incorrectly described the generateKeys()
function in the documentation. This inconsistency could possibly lead to
security issues in applications that use these APIs.
(CVE-2023-30590)

- ID: USN-6735-1
- Severity: high
- Severity from: CVE-2023-30589
- URL: https://ubuntu.com/security/notices/USN-6735-1
- Published: 2024-04-16T11:31:52
- Modified: 2024-04-16T11:31:52
- Other Advisories:
- ALPINE:CVE-2023-30589
- ALSA-2023:4330
- ALSA-2023:4331
- ALSA-2023:4536
- ALSA-2023:4537
- DSA-5589-1
- ELSA-2023-4330
- ELSA-2023-4331
- ELSA-2023-4536
- ELSA-2023-4537
- FEDORA-2023-105880e618
- FEDORA-2023-608a1417d3
- FEDORA-2023-61e40652be
- FEDORA-2023-6b866fbe84
- FEDORA-2023-cdddce304a
- FEDORA-2023-f75af676f2
- GLSA-202405-29
- NPM:GHSA-CGGH-PQ45-6H9X
- RHSA-2023:4330
- RHSA-2023:4331
- RHSA-2023:4536
- RHSA-2023:4537
- SUSE-SU-2023:2655-1
- SUSE-SU-2023:2662-1
- SUSE-SU-2023:2663-1
- SUSE-SU-2023:2669-1
- SUSE-SU-2023:2861-1
- SUSE-SU-2023:3306-1
- SUSE-SU-2023:3408-1
- SUSE-SU-2023:3455-1

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/nodejs?distro=xenial | ubuntu | nodejs | < 4.2.6~dfsg-1ubuntu4.2+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/nodejs?distro=trusty | ubuntu | nodejs | < 0.10.25~dfsg2-2ubuntu1.2+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/nodejs?distro=mantic | ubuntu | nodejs | < 18.13.0+dfsg1-1ubuntu2.2 | mantic | ||
Affected | pkg:deb/ubuntu/nodejs?distro=jammy | ubuntu | nodejs | < 12.22.9~dfsg-1ubuntu3.5 | jammy | ||
Affected | pkg:deb/ubuntu/nodejs?distro=focal | ubuntu | nodejs | < 10.19.0~dfsg-3ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/nodejs?distro=bionic | ubuntu | nodejs | < 8.10.0~dfsg-2ubuntu0.4+esm5 | bionic | ||
Affected | pkg:deb/ubuntu/nodejs-legacy?distro=xenial | ubuntu | nodejs-legacy | < 4.2.6~dfsg-1ubuntu4.2+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/nodejs-legacy?distro=trusty | ubuntu | nodejs-legacy | < 0.10.25~dfsg2-2ubuntu1.2+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/nodejs-doc?distro=mantic | ubuntu | nodejs-doc | < 18.13.0+dfsg1-1ubuntu2.2 | mantic | ||
Affected | pkg:deb/ubuntu/nodejs-doc?distro=jammy | ubuntu | nodejs-doc | < 12.22.9~dfsg-1ubuntu3.5 | jammy | ||
Affected | pkg:deb/ubuntu/nodejs-doc?distro=focal | ubuntu | nodejs-doc | < 10.19.0~dfsg-3ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/nodejs-doc?distro=bionic | ubuntu | nodejs-doc | < 8.10.0~dfsg-2ubuntu0.4+esm5 | bionic | ||
Affected | pkg:deb/ubuntu/nodejs-dev?distro=xenial | ubuntu | nodejs-dev | < 4.2.6~dfsg-1ubuntu4.2+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/nodejs-dev?distro=trusty | ubuntu | nodejs-dev | < 0.10.25~dfsg2-2ubuntu1.2+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/nodejs-dev?distro=bionic | ubuntu | nodejs-dev | < 8.10.0~dfsg-2ubuntu0.4+esm5 | bionic | ||
Affected | pkg:deb/ubuntu/libnode72?distro=jammy | ubuntu | libnode72 | < 12.22.9~dfsg-1ubuntu3.5 | jammy | ||
Affected | pkg:deb/ubuntu/libnode64?distro=focal | ubuntu | libnode64 | < 10.19.0~dfsg-3ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/libnode108?distro=mantic | ubuntu | libnode108 | < 18.13.0+dfsg1-1ubuntu2.2 | mantic | ||
Affected | pkg:deb/ubuntu/libnode-dev?distro=mantic | ubuntu | libnode-dev | < 18.13.0+dfsg1-1ubuntu2.2 | mantic | ||
Affected | pkg:deb/ubuntu/libnode-dev?distro=jammy | ubuntu | libnode-dev | < 12.22.9~dfsg-1ubuntu3.5 | jammy | ||
Affected | pkg:deb/ubuntu/libnode-dev?distro=focal | ubuntu | libnode-dev | < 10.19.0~dfsg-3ubuntu1.6 | focal | ||