Lucene search
GoogleOSV:SUSE-SU-2024:2496-1HistoryJul 16, 2024 - 7:33 a.m.
Security update for nodejs18
2024-07-1607:33:47
Google
osv.dev
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
Low
This update for nodejs18 fixes the following issues:
Update to 18.20.4:
- CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560)
- CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554)
Changes in 18.20.3:
- This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.
deps:- acorn updated to 8.11.3.
- acorn-walk updated to 8.3.2.
- ada updated to 2.7.8.
- c-ares updated to 1.28.1.
- corepack updated to 0.28.0.
- nghttp2 updated to 1.61.0.
- ngtcp2 updated to 1.3.0.
- npm updated to 10.7.0. Includes a fix from [email protected] to limit the number of open connections npm/cli#7324.
- simdutf updated to 5.2.4.
Changes in 18.20.2:
- CVE-2024-27980: Fixed command injection via args parameter of child_process.spawn without shell option enabled on Windows (bsc#1222665)
Related
nessus
nessus
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:2496-1)
2024-07-17 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:2542-1)
2024-07-18 00:00:00
Photon OS 4.0: Nodejs PHSA-2024-4.0-0653
2024-07-24 00:00:00
osv
osv
Security update for nodejs18
2024-07-17 07:51:37
CVE-2024-36138
2024-09-07 16:15:02
BIT-node-2024-36138
2024-09-10 07:13:39
openvas
openvas
Node.js < 18.20.4, 19.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Mac OS X
2024-06-27 00:00:00
Node.js < 18.20.4, 19.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Windows
2024-06-27 00:00:00
Mageia: Security Advisory (MGASA-2024-0282)
2024-08-29 00:00:00
ibm
ibm
cvelist
cvelist
CVE-2024-36138
2024-09-07 16:00:36
CVE-2024-22020
2024-07-09 01:07:28
alpinelinux
alpinelinux
CVE-2024-36138
2024-09-07 16:15:02
CVE-2024-22020
2024-07-09 02:15:09
hackerone
hackerone
Node.js: Bypass incomplete fix of CVE-2024-27980
2024-04-13 10:23:14
Node.js: Bypass network import restriction via data URL
2023-08-01 20:37:14
vulnrichment
vulnrichment
CVE-2024-36138
2024-09-07 16:00:36
CVE-2024-22020
2024-07-09 01:07:28
nvd
nvd
CVE-2024-36138
2024-09-07 16:15:02
CVE-2024-22020
2024-07-09 02:15:09
debiancve
debiancve
cve
cve
CVE-2024-36138
2024-09-07 16:15:02
CVE-2024-22020
2024-07-09 02:15:09
mageia
mageia
Updated nodejs & yarnpkg packages fix security vulnerabilities
2024-08-28 20:11:44
nodejsblog
nodejsblog
Monday, July 8, 2024 Security Releases
2024-07-08 00:00:00
Wednesday, April 10, 2024 Security Releases
2024-04-10 00:00:00
f5
f5
K000141047: Multiple Node.js vulnerabilities
2024-09-12 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0653
2024-07-16 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0318
2024-07-16 00:00:00
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 39 Update: nodejs18-18.20.2-1.fc39
2024-04-20 01:03:34
[SECURITY] Fedora 40 Update: nodejs18-18.20.2-1.fc40
2024-04-19 21:44:23
redhatcve
redhatcve
CVE-2024-27980
2024-04-15 14:55:28
CVE-2024-22020
2024-07-09 05:09:34
wolfi
wolfi
CVE-2024-27980 vulnerabilities
2024-09-19 21:18:36
CVE-2024-22020 vulnerabilities
2024-09-19 21:18:36
cgr
cgr
CVE-2024-27980 vulnerabilities
2024-05-19 03:07:16
redos
redos
ROS-20240904-05
2024-09-04 00:00:00
almalinux
almalinux
Moderate: nodejs:18 security update
2024-09-03 00:00:00
Moderate: nodejs:18 security update
2024-09-03 00:00:00
Moderate: nodejs:20 security update
2024-08-26 00:00:00
rocky
rocky
nodejs:18 security update
2024-09-17 00:54:54
nodejs:18 security update
2024-09-17 00:55:59
nodejs:20 security update
2024-09-17 00:55:59
oraclelinux
oraclelinux
nodejs:18 security update
2024-09-04 00:00:00
nodejs:18 security update
2024-09-04 00:00:00
nodejs:20 security update
2024-08-26 00:00:00
redhat
redhat
(RHSA-2024:6148) Moderate: nodejs:18 security update
2024-09-03 01:09:29
(RHSA-2024:6147) Moderate: nodejs:18 security update
2024-09-03 01:09:27
(RHSA-2024:5815) Moderate: nodejs:20 security update
2024-08-26 07:11:46
thn
thn
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
2024-04-10 03:05:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
Low
Related for OSV:SUSE-SU-2024:2496-1