Lucene search
RedHatRHSA-2023:4331HistoryJul 31, 2023 - 8:55 a.m.
(RHSA-2023:4331) Moderate: nodejs security, bug fix, and enhancement update
2023-07-3108:55:53
access.redhat.com
17
node.js
software
security fixes
cve-2023-30581
cve-2023-30588
cve-2023-30589
cve-2023-30590
upgrade
0.001 Low
EPSS
Percentile
40.3%
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The package has been upgraded to a later upstream version: nodejs (16.20.1). (BZ#2223334, BZ#2223336, BZ#2223338, BZ#2223340, BZ#2223342, BZ#2223344)
Security Fix(es):
-
nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581)
-
nodejs: process interuption due to invalid Public Key information in x509 certificates (CVE-2023-30588)
-
nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)
-
nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | ppc64le | nodejs-full-i18n | < 16.20.1-1.el9_2 | nodejs-full-i18n-16.20.1-1.el9_2.ppc64le.rpm |
| RedHat | 9 | aarch64 | nodejs-libs | < 16.20.1-1.el9_2 | nodejs-libs-16.20.1-1.el9_2.aarch64.rpm |
| RedHat | 9 | aarch64 | nodejs-debuginfo | < 16.20.1-1.el9_2 | nodejs-debuginfo-16.20.1-1.el9_2.aarch64.rpm |
| RedHat | 9 | ppc64le | npm | < 8.19.4-1.16.20.1.1.el9_2 | npm-8.19.4-1.16.20.1.1.el9_2.ppc64le.rpm |
| RedHat | 9 | x86_64 | nodejs | < 16.20.1-1.el9_2 | nodejs-16.20.1-1.el9_2.x86_64.rpm |
| RedHat | 9 | s390x | nodejs | < 16.20.1-1.el9_2 | nodejs-16.20.1-1.el9_2.s390x.rpm |
| RedHat | 9 | x86_64 | nodejs-libs-debuginfo | < 16.20.1-1.el9_2 | nodejs-libs-debuginfo-16.20.1-1.el9_2.x86_64.rpm |
| RedHat | 9 | i686 | nodejs-debugsource | < 16.20.1-1.el9_2 | nodejs-debugsource-16.20.1-1.el9_2.i686.rpm |
| RedHat | 9 | ppc64le | nodejs-debuginfo | < 16.20.1-1.el9_2 | nodejs-debuginfo-16.20.1-1.el9_2.ppc64le.rpm |
| RedHat | 9 | aarch64 | nodejs-full-i18n | < 16.20.1-1.el9_2 | nodejs-full-i18n-16.20.1-1.el9_2.aarch64.rpm |
Related
nessus
nessus
RHEL 8 : nodejs:16 (RHSA-2023:4537)
2023-08-08 00:00:00
RHEL 9 : nodejs:18 (RHSA-2023:4330)
2023-07-31 00:00:00
CentOS 8 : nodejs:18 (CESA-2023:4536)
2023-08-08 00:00:00
osv
osv
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-10-06 23:10:12
Moderate: nodejs security, bug fix, and enhancement update
2023-07-31 00:00:00
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-08-08 00:00:00
oraclelinux
oraclelinux
nodejs security, bug fix, and enhancement update
2023-08-02 00:00:00
nodejs:18 security, bug fix, and enhancement update
2023-08-10 00:00:00
nodejs:16 security, bug fix, and enhancement update
2023-08-10 00:00:00
almalinux
almalinux
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-08-08 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2023-08-08 00:00:00
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-07-31 00:00:00
redhat
redhat
rocky
rocky
nodejs:18 security, bug fix, and enhancement update
2023-10-06 23:10:12
nodejs:16 security, bug fix, and enhancement update
2023-08-08 12:34:39
ibm
ibm
fedora
fedora
[SECURITY] Fedora 38 Update: nodejs16-16.20.1-1.fc38
2023-07-21 02:27:10
[SECURITY] Fedora 37 Update: nodejs18-18.16.1-1.fc37
2023-07-19 04:21:14
[SECURITY] Fedora 37 Update: nodejs16-16.20.1-1.fc37
2023-07-21 01:26:42
openvas
openvas
Fedora: Security Advisory for nodejs18 (FEDORA-2023-cdddce304a)
2023-07-23 00:00:00
Fedora: Security Advisory for nodejs16 (FEDORA-2023-608a1417d3)
2023-07-23 00:00:00
Fedora: Security Advisory for nodejs18 (FEDORA-2023-6b866fbe84)
2023-07-20 00:00:00
ubuntu
ubuntu
Node.js vulnerabilities
2024-04-16 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2023-07-07 08:54:45
nodejsblog
nodejsblog
Tuesday June 20 2023 Security Releases
2023-06-20 00:00:00
debian
debian
[SECURITY] [DSA 5589-1] nodejs security update
2023-12-27 22:12:40
[SECURITY] [DLA 3776-1] nodejs security update
2024-03-27 00:40:58
alpinelinux
alpinelinux
CVE-2023-30581
2023-11-23 00:15:07
CVE-2023-30589
2023-07-01 00:15:10
ubuntucve
ubuntucve
redhatcve
redhatcve
veracode
veracode
Inconsistency Between Implementation And Documented Design
2023-11-29 05:49:28
HTTP Request Smuggling (HRS)
2023-07-23 04:52:48
Denial Of Service (DoS)
2023-11-29 05:49:59
prion
prion
Design/Logic Flaw
2023-11-28 20:15:00
Design/Logic Flaw
2023-11-23 00:15:00
Crlf injection
2023-07-01 00:15:00
cgr
cgr
CVE-2023-30588 vulnerabilities
2024-05-19 03:07:16
CVE-2023-30590 vulnerabilities
2024-05-19 03:07:16
CVE-2023-30581 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
debiancve
debiancve
cbl_mariner
cbl_mariner
CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2
2023-09-27 18:02:50
CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2
2023-08-03 02:51:21
cvelist
cvelist
hackerone
hackerone
Node.js: DiffieHellman doesn't generate keys after setting a key
2023-03-31 13:33:05
cve
cve
wolfi
wolfi
CVE-2023-30581 vulnerabilities
2024-07-03 09:08:38
CVE-2023-30589 vulnerabilities
2024-07-03 09:08:38
CVE-2023-30590 vulnerabilities
2024-07-03 09:08:38
github
github
llhttp vulnerable to HTTP request smuggling
2023-07-01 00:30:46
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0606
2023-07-02 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0041
2023-06-29 00:00:00
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00