Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
🔗 CVE IDs covered (16)
📋 Description
- CVE-2021-35065 — glob-parent: Regular Expression Denial of Service
- CVE-2021-44531 — nodejs: Improper handling of URI Subject Alternative Names
- CVE-2021-44532 — nodejs: Certificate Verification Bypass via String Injection
- CVE-2021-44533 — nodejs: Incorrect handling of certificate subject and issuer fields
- CVE-2021-44906 — minimist: prototype pollution
- CVE-2022-0235 — node-fetch: exposure of sensitive information to an unauthorized actor
- CVE-2022-3517 — nodejs-minimatch: ReDoS via the braceExpand function
- CVE-2022-4904 — c-ares: buffer overflow in config_sortlist() due to missing string length check
- CVE-2022-21824 — nodejs: Prototype pollution via console.table properties
- CVE-2022-24999 — express: "qs" prototype poisoning causes the hang of the node process
- CVE-2022-25881 — http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
- CVE-2022-35256 — nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
- CVE-2022-38900 — decode-uri-component: improper input validation resulting in DoS
- CVE-2022-43548 — nodejs: DNS rebinding in inspect via invalid octal IP address
- CVE-2023-23918 — Node.js: Permissions policies can be bypassed via process.mainModule
- CVE-2023-23920 — Node.js: insecure loading of ICU data through ICU_DATA environment variable
🔗 References (21)
- self: https://access.redhat.com/errata/RHSA-2023:1742
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2040839
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2040846
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2040856
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2040862
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2044591
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2066009
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2130518
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2134609
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2140911
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2142822
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2150323
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2156324
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2165824
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2168631
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2170644
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2171935
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2172217
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2175827
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1742.json
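The last reference above is the machine-readable CSAF 2.0 form of this advisory. The following is an added example (not code from the advisory or from Red Hat) of how a vulnerability-management pipeline would ingest such a document: read the advisory ID and severity, collect which CVEs carry a vendor fix for which products, and cross-check the result against the 16 CVE IDs the page says are covered. It uses only standard CSAF 2.0 field names (document.tracking.id, document.aggregate_severity.text, vulnerabilities[].cve, vulnerabilities[].product_status.fixed / known_affected). The CSAF fragment embedded below is constructed for the example and deliberately incomplete (three CVEs, one of them listed as affected but not fixed, and a placeholder product ID "EXAMPLE-STREAM:nodejs-example"); only the advisory ID and the CVE IDs come from the page.

```python
import json

ADVISORY_ID = "RHSA-2023:1742"

# The 16 CVE IDs the advisory page lists as covered.
EXPECTED_CVES = frozenset({
    "CVE-2021-35065", "CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44533",
    "CVE-2021-44906", "CVE-2022-0235", "CVE-2022-3517", "CVE-2022-4904",
    "CVE-2022-21824", "CVE-2022-24999", "CVE-2022-25881", "CVE-2022-35256",
    "CVE-2022-38900", "CVE-2022-43548", "CVE-2023-23918", "CVE-2023-23920",
})

# Constructed stand-in for the real CSAF JSON linked under References.
# Shape follows CSAF 2.0; the product ID is a placeholder, and the document
# is intentionally incomplete so that the gap-reporting logic has work to do.
SAMPLE_CSAF = json.dumps({
    "document": {
        "tracking": {"id": ADVISORY_ID},
        "aggregate_severity": {"text": "Important"},
    },
    "vulnerabilities": [
        {"cve": "CVE-2021-44531",
         "product_status": {"fixed": ["EXAMPLE-STREAM:nodejs-example"]}},
        {"cve": "CVE-2022-35256",
         "product_status": {"fixed": ["EXAMPLE-STREAM:nodejs-example"]}},
        # Listed as affected but with no fix recorded: the case a consumer
        # must not silently treat as remediated.
        {"cve": "CVE-2023-23918",
         "product_status": {"known_affected": ["EXAMPLE-STREAM:nodejs-example"]}},
    ],
})


def parse_advisory(csaf_text):
    """Return advisory metadata plus per-CVE fixed / unfixed product sets."""
    doc = json.loads(csaf_text)
    meta = doc.get("document", {})
    parsed = {
        "id": meta.get("tracking", {}).get("id"),
        "severity": meta.get("aggregate_severity", {}).get("text"),
        "fixed": {},    # cve -> set of product IDs with a vendor fix
        "unfixed": {},  # cve -> set of product IDs affected but not fixed
    }
    for vuln in doc.get("vulnerabilities", []):
        cve = vuln.get("cve")
        if not cve:
            continue  # CSAF allows vulnerabilities without a CVE; skip them
        status = vuln.get("product_status", {})
        fixed = set(status.get("fixed", []))
        affected = set(status.get("known_affected", [])) - fixed
        parsed["fixed"][cve] = fixed
        if affected:
            parsed["unfixed"][cve] = affected
    return parsed


def coverage_gaps(parsed, expected=EXPECTED_CVES):
    """Compare the CVEs in the document with the list the advisory claims.

    Returns (missing, extra, not_fixed): CVEs absent from the document,
    CVEs present but not claimed, and CVEs present with no fixed product.
    """
    listed = set(parsed["fixed"])
    missing = sorted(expected - listed)
    extra = sorted(listed - expected)
    not_fixed = sorted(cve for cve, prods in parsed["fixed"].items() if not prods)
    return missing, extra, not_fixed


def fixed_products(parsed):
    """All product IDs that receive at least one fix in this advisory."""
    return sorted(set().union(*parsed["fixed"].values()))


if __name__ == "__main__":
    adv = parse_advisory(SAMPLE_CSAF)
    missing, extra, not_fixed = coverage_gaps(adv)
    print(f"{adv['id']} ({adv['severity']}): {len(adv['fixed'])} CVEs in document")
    print("missing from document:", missing)
    print("not claimed by advisory:", extra)
    print("listed but not fixed:", not_fixed)
    print("products with fixes:", fixed_products(adv))
```

Against the real document the `missing` list should be empty and `not_fixed` should contain nothing; any entry in either is the signal to stop and read the advisory rather than mark the hosts remediated. The `known_affected` minus `fixed` handling matters because a CSAF vulnerability can legitimately list the same product under both statuses across different product versions.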