Lucene search
Basic search
Lucene search
Search by product
Subscribe
K
Start 30-day trial
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
SIGN IN
OracleLinux
ELSA-2023-4536
History
Aug 10, 2023 - 12:00 a.m.
Vulners
/
Oraclelinux
/
nodejs:18 security, bug fix, and enhancement update
nodejs:18 security, bug fix, and enhancement update
2023-08-10
00:00:00
linux.oracle.com
18
rebase
resolves rhbz#2188290
resolves rhbz#2166926
resolves cve-2023-30581
npm bundler
fedora 35 mass rebuild
update readme.md
dist-git upstream
0.001 Low
EPSS
Percentile
40.3%
JSON
nodejs
[1:18.16.1-1]
Rebase to 18.16.1
Resolves: rhbz#2188290 rhbz#2166926
Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
Replace /usr/etc/npmrc symlink with builtin configuration
Resolves: rhbz#2222287
nodejs-nodemon
nodejs-packaging
[2021.06-4]
NPM bundler: also find namespaced bundled dependencies
[2021.06-3]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
[2021.06-2]
Fix hard-coded output directory in the bundler
[2021.06-1]
Update to 2021.06-1
bundler: Handle archaic license metadata
bundler: Warn about bundled dependencies with no license metadata
[2021.01-3]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
[2021.01-2]
nodejs-packaging-bundler improvements to handle uncommon characters
[2021.01]
Add nodejs-packaging-bundler and update
README.md
[2020.09-1]
Move to dist-git as the upstream
[25-1]
Fix incorrect bundled library detection for Requires
[24-1]
Check node_modules_prod for bundled dependencies
[23-4]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
[23-3]
Drop Requires: nodejs(engine)
[23-2]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
[23-1]
Ensure nodejs(engine) is required for packages with no dependencies
[22-2]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
[22-1]
Refactor nodejs.req in more idiomatic Python
Treat only external dependency links as un-bundled
[21-1]
Refactor nodejs.prov in more idiomatic Python
[20-2]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
[20-1]
Fix handling of ^ dependencies for multiversion modules
[18-1]
Handle =, >= and <= dependencies for multiversion modules
[17-2]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[17-1]
Fix version comparators with a space after the operator
[16-1]
Rewrite nodejs.req to better match npm versioning rules
Add tests for nodejs.req and nodejs.prov
[15-1]
Fix caret dependency ranges
[14-1]
Only match top level modules for requires and provides generation
[13-1]
Add %nodejs_setversion macro
[12-1]
Port to python 3
[11-2]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
[11-1]
nodesjs.req: use boolean with for range dependencies
[10-1]
Release v10
Automatically generate Provides for bundled npm dependencies
[9-4]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[9-3]
switch source URL to pagure
[9-2]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
[9-1]
nodejs-fixdep: stop --move erroring on missing dependency types
[8-1]
nodejs-fixdep: add --move option
nodejs-symlink-deps: add --optional option
req: generate suggests for optional dependencies
[7-5]
nodejs-symlink-deps: handle caret in versions
[7-4]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
[7-3]
Install macros in %{_rpmconfidir}/macros.d where available (#1074279)
[7-2]
Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
[7-1]
nodejs-symlink-deps: fix regression preventing multiply versioned modules from
being symlinked correctly
[6-1]
nodejs-fixdep: use real option parsing
nodejs-fixdep: support modifying optionalDependencies and devDependencies
req: support the caret operator
nodejs-symlink-deps: add --force option
nodejs-symlink-deps: add --build alias for --check
nodejs-fixdep: support converting to caret dependencies
nodejs-fixdep: support non-dictionary dependency properties
multiver_modules: add nan
[4-1]
handle cases where the symlink target exists gracefully
[3-1]
dependencies and engines can be lists or strings too
handle unversioned dependencies on multiply versioned modules correctly
(RHBZ#982798)
restrict to compatible arches
[2-1]
move multiple version list to /usr/share/node
bump nodejs Requires to 0.10.12
add Requires: redhat-rpm-config
[1-1]
initial package
Affected Package
OS
Version
Architecture
Package
Version
Filename
oracle linux
8
src
nodejs
< 18.16.1-1.module
nodejs-18.16.1-1.module+el8.8.0+21140+54ee8b93.src.rpm
oracle linux
8
src
nodejs-nodemon
< 2.0.20-2.module
nodejs-nodemon-2.0.20-2.module+el8.8.0+21140+54ee8b93.src.rpm
oracle linux
8
src
nodejs-packaging
< 2021.06-4.module
nodejs-packaging-2021.06-4.module+el8.7.0+20766+0a247725.src.rpm
oracle linux
8
aarch64
nodejs
< 18.16.1-1.module
nodejs-18.16.1-1.module+el8.8.0+21140+54ee8b93.aarch64.rpm
oracle linux
8
aarch64
nodejs-devel
< 18.16.1-1.module
nodejs-devel-18.16.1-1.module+el8.8.0+21140+54ee8b93.aarch64.rpm
oracle linux
8
noarch
nodejs-docs
< 18.16.1-1.module
nodejs-docs-18.16.1-1.module+el8.8.0+21140+54ee8b93.noarch.rpm
oracle linux
8
aarch64
nodejs-full-i18n
< 18.16.1-1.module
nodejs-full-i18n-18.16.1-1.module+el8.8.0+21140+54ee8b93.aarch64.rpm
oracle linux
8
noarch
nodejs-nodemon
< 2.0.20-2.module
nodejs-nodemon-2.0.20-2.module+el8.8.0+21140+54ee8b93.noarch.rpm
oracle linux
8
noarch
nodejs-packaging
< 2021.06-4.module
nodejs-packaging-2021.06-4.module+el8.7.0+20766+0a247725.noarch.rpm
oracle linux
8
noarch
nodejs-packaging-bundler
< 2021.06-4.module
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+20766+0a247725.noarch.rpm
Rows per page:
10
1-10 of 22
1
Related
nessus 44
osv 20
oraclelinux 3
almalinux 4
redhat 6
rocky 2
ibm 15
fedora 8
openvas 21
ubuntu 1
mageia 1
nodejsblog 1
debian 2
ubuntucve 4
alpinelinux 2
cgr 4
nvd 4
debiancve 4
cbl_mariner 2
redhatcve 4
cvelist 4
prion 4
veracode 4
hackerone 6
cve 4
wolfi 4
github 2
photon 2
gentoo 1
ics 1
oracle 1
nessus
nessus
44
RHEL 8 : nodejs:16 (RHSA-2023:4537)
2023-08-08 00:00:00
RHEL 9 : nodejs:18 (RHSA-2023:4330)
2023-07-31 00:00:00
CentOS 8 : nodejs:18 (CESA-2023:4536)
2023-08-08 00:00:00
osv
osv
20
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-10-06 23:10:12
Moderate: nodejs security, bug fix, and enhancement update
2023-07-31 00:00:00
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-08-08 00:00:00
oraclelinux
oraclelinux
nodejs security, bug fix, and enhancement update
2023-08-02 00:00:00
nodejs:16 security, bug fix, and enhancement update
2023-08-10 00:00:00
18 security, bug fix, and enhancement update
2023-08-02 00:00:00
almalinux
almalinux
4
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-08-08 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2023-08-08 00:00:00
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-07-31 00:00:00
redhat
redhat
6
(RHSA-2023:4330) Moderate: nodejs:18 security, bug fix, and enhancement update
2023-07-31 08:54:02
(RHSA-2023:4331) Moderate: nodejs security, bug fix, and enhancement update
2023-07-31 08:55:53
(RHSA-2023:4536) Moderate: nodejs:18 security, bug fix, and enhancement update
2023-08-08 07:21:44
rocky
rocky
nodejs:18 security, bug fix, and enhancement update
2023-10-06 23:10:12
nodejs:16 security, bug fix, and enhancement update
2023-08-08 12:34:39
ibm
ibm
15
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to several vulnerabilities in Node.js due to [CVE-2023-30581] [CVE-2023-30588] [CVE-2023-30589] [CVE-2023-30590]
2023-09-07 15:11:40
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js
2023-08-01 09:43:58
Security Bulletin: IBM DataPower Gateway vulnerable to multiple issues in Node.js
2023-10-13 12:54:24
fedora
fedora
8
[SECURITY] Fedora 38 Update: nodejs16-16.20.1-1.fc38
2023-07-21 02:27:10
[SECURITY] Fedora 37 Update: nodejs18-18.16.1-1.fc37
2023-07-19 04:21:14
[SECURITY] Fedora 37 Update: nodejs16-16.20.1-1.fc37
2023-07-21 01:26:42
openvas
openvas
21
Fedora: Security Advisory for nodejs18 (FEDORA-2023-cdddce304a)
2023-07-23 00:00:00
Fedora: Security Advisory for nodejs16 (FEDORA-2023-608a1417d3)
2023-07-23 00:00:00
Fedora: Security Advisory for nodejs18 (FEDORA-2023-6b866fbe84)
2023-07-20 00:00:00
ubuntu
ubuntu
Node.js vulnerabilities
2024-04-16 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2023-07-07 08:54:45
nodejsblog
nodejsblog
Tuesday June 20 2023 Security Releases
2023-06-20 00:00:00
debian
debian
[SECURITY] [DSA 5589-1] nodejs security update
2023-12-27 22:12:40
[SECURITY] [DLA 3776-1] nodejs security update
2024-03-27 00:40:58
ubuntucve
ubuntucve
4
CVE-2023-30581
2023-11-23 00:00:00
CVE-2023-30588
2023-11-28 00:00:00
CVE-2023-30590
2023-11-28 00:00:00
alpinelinux
alpinelinux
CVE-2023-30581
2023-11-23 00:15:07
CVE-2023-30589
2023-07-01 00:15:10
cgr
cgr
4
CVE-2023-30588 vulnerabilities
2024-05-19 03:07:16
CVE-2023-30590 vulnerabilities
2024-05-19 03:07:16
CVE-2023-30581 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
4
CVE-2023-30588
2023-11-28 20:15:07
CVE-2023-30589
2023-07-01 00:15:10
CVE-2023-30590
2023-11-28 20:15:07
debiancve
debiancve
4
CVE-2023-30581
2023-11-23 00:15:07
CVE-2023-30588
2023-11-28 20:15:07
CVE-2023-30589
2023-07-01 00:15:10
cbl_mariner
cbl_mariner
CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2
2023-09-27 18:02:50
CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2
2023-08-03 02:51:21
redhatcve
redhatcve
4
CVE-2023-30581
2023-07-05 15:17:33
CVE-2023-30590
2023-07-05 15:19:03
CVE-2023-30588
2023-07-05 15:18:43
cvelist
cvelist
4
CVE-2023-30590
2023-11-28 19:15:19
CVE-2023-30589
2023-06-30 23:39:59
CVE-2023-30588
2023-11-28 19:15:19
prion
prion
4
Design/Logic Flaw
2023-11-28 20:15:00
Design/Logic Flaw
2023-11-23 00:15:00
Crlf injection
2023-07-01 00:15:00
veracode
veracode
4
Inconsistency Between Implementation And Documented Design
2023-11-29 05:49:28
HTTP Request Smuggling (HRS)
2023-07-23 04:52:48
Denial Of Service (DoS)
2023-11-29 05:49:59
hackerone
hackerone
6
Node.js: DiffieHellman doesn't generate keys after setting a key
2023-03-31 13:33:05
Internet Bug Bounty: HTTP Request Smuggling via Empty headers separated by CR
2023-06-21 02:32:11
Node.js: The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1
2023-02-17 17:58:20
cve
cve
4
CVE-2023-30581
2023-11-23 00:15:07
CVE-2023-30588
2023-11-28 20:15:07
CVE-2023-30590
2023-11-28 20:15:07
wolfi
wolfi
4
CVE-2023-30581 vulnerabilities
2024-07-03 09:08:38
CVE-2023-30589 vulnerabilities
2024-07-03 09:08:38
CVE-2023-30590 vulnerabilities
2024-07-03 09:08:38
github
github
llhttp vulnerable to HTTP request smuggling
2023-07-01 00:30:46
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
2023-07-20 14:52:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0606
2023-07-02 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0041
2023-06-29 00:00:00
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
0.001 Low
EPSS
Percentile
40.3%
JSON
Related for ELSA-2023-4536
nessus
44
osv
20
oraclelinux
3
almalinux
4
redhat
6
rocky
2
ibm
15
fedora
8
openvas
21
ubuntu
1
mageia
1
nodejsblog
1
debian
2
ubuntucve
4
alpinelinux
2
cgr
4
nvd
4
debiancve
4
cbl_mariner
2
redhatcve
4
cvelist
4
prion
4
veracode
4
hackerone
6
cve
4
wolfi
4
github
2
photon
2
gentoo
1
ics
1
oracle
1