ALSA-2024:1688
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:1688.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2024:1688
- Related
- Published
- 2024-04-08T00:00:00Z
- Modified
- 2024-04-09T14:51:34Z
- Summary
- Important: nodejs:20 security update
- Details
-
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
- nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
- nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
- nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)
- nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)
- nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)
- nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)
- References
-
- https://access.redhat.com/errata/RHSA-2024:1688
- https://access.redhat.com/security/cve/CVE-2023-46809
- https://access.redhat.com/security/cve/CVE-2024-21890
- https://access.redhat.com/security/cve/CVE-2024-21891
- https://access.redhat.com/security/cve/CVE-2024-21892
- https://access.redhat.com/security/cve/CVE-2024-21896
- https://access.redhat.com/security/cve/CVE-2024-22017
- https://access.redhat.com/security/cve/CVE-2024-22019
- https://bugzilla.redhat.com/2264569
- https://bugzilla.redhat.com/2264574
- https://bugzilla.redhat.com/2264582
- https://bugzilla.redhat.com/2265717
- https://bugzilla.redhat.com/2265720
- https://bugzilla.redhat.com/2265722
- https://bugzilla.redhat.com/2265727
- https://errata.almalinux.org/9/ALSA-2024-1688.html