RHSA-2024:1687
Severity: High (CVSS 8.1)
Red Hat Security Advisory: nodejs:20 security update
🔗 CVE IDs covered (7)
📋 Description
- CVE-2023-46809 — nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)
- CVE-2024-21890 — nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write
- CVE-2024-21891 — nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization
- CVE-2024-21892 — nodejs: code injection and privilege escalation through Linux capabilities
- CVE-2024-21896 — nodejs: path traversal by monkey-patching buffer internals
- CVE-2024-22017 — nodejs: setuid() does not drop all privileges due to io_uring
- CVE-2024-22019 — nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
🔗 References (10)
- self: https://access.redhat.com/errata/RHSA-2024:1687
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2264569
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2264574
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2264582
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2265717
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2265720
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2265722
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2265727
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1687.json