RHSA-2024:1688 -- Redhat nodejs, npmID: oval:org.secpod.oval:def:509183 | Date: (C)2024-04-12 (M)2024-04-25 |
Class: PATCH | Family: unix |
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks nodejs: code injection and privilege escalation through Linux capabilities nodejs: path traversal by monkey-patching buffer internals nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write nodejs: setuid does not drop all privileges due to io_uring
Platform: |
Red Hat Enterprise Linux 9 |