(RHSA-2024:1510) Important: nodejs:18 security update

2024-03-2609:07:37

access.redhat.com

nodejs

security

cve-2024-22019

cve-2023-46809

cve-2024-21892

javascript

platform

applications

dos

bleichenbacher attack

linux capabilities

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

Low

EPSS

Percentile

16.3%

JSON

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

Security Fix(es):

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xnodejs-devel< 18.19.1-1.module+el8.9.0+21387+21356decnodejs-devel-18.19.1-1.module+el8.9.0+21387+21356dec.s390x.rpm
RedHatanyx86_64nodejs-debuginfo< 18.19.1-1.module+el8.9.0+21387+21356decnodejs-debuginfo-18.19.1-1.module+el8.9.0+21387+21356dec.x86_64.rpm
RedHatanyppc64lenodejs-debugsource< 18.19.1-1.module+el8.9.0+21387+21356decnodejs-debugsource-18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le.rpm
RedHatanyx86_64nodejs< 18.19.1-1.module+el8.9.0+21387+21356decnodejs-18.19.1-1.module+el8.9.0+21387+21356dec.x86_64.rpm
RedHatanyx86_64npm< 10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356decnpm-10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64.rpm
RedHatanyppc64lenpm< 10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356decnpm-10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le.rpm
RedHatanynoarchnodejs-docs< 18.19.1-1.module+el8.9.0+21387+21356decnodejs-docs-18.19.1-1.module+el8.9.0+21387+21356dec.noarch.rpm
RedHatanys390xnodejs-full-i18n< 18.19.1-1.module+el8.9.0+21387+21356decnodejs-full-i18n-18.19.1-1.module+el8.9.0+21387+21356dec.s390x.rpm
RedHatanyppc64lenodejs< 18.19.1-1.module+el8.9.0+21387+21356decnodejs-18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le.rpm
RedHatanynoarchnodejs-nodemon< 3.0.1-1.module+el8.9.0+21190+5ebd2c33nodejs-nodemon-3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390x	nodejs-devel	< 18.19.1-1.module+el8.9.0+21387+21356dec	nodejs-devel-18.19.1-1.module+el8.9.0+21387+21356dec.s390x.rpm
RedHat	any	x86_64	nodejs-debuginfo	< 18.19.1-1.module+el8.9.0+21387+21356dec	nodejs-debuginfo-18.19.1-1.module+el8.9.0+21387+21356dec.x86_64.rpm
RedHat	any	ppc64le	nodejs-debugsource	< 18.19.1-1.module+el8.9.0+21387+21356dec	nodejs-debugsource-18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le.rpm
RedHat	any	x86_64	nodejs	< 18.19.1-1.module+el8.9.0+21387+21356dec	nodejs-18.19.1-1.module+el8.9.0+21387+21356dec.x86_64.rpm
RedHat	any	x86_64	npm	< 10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec	npm-10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.x86_64.rpm
RedHat	any	ppc64le	npm	< 10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec	npm-10.2.4-1.18.19.1.1.module+el8.9.0+21387+21356dec.ppc64le.rpm
RedHat	any	noarch	nodejs-docs	< 18.19.1-1.module+el8.9.0+21387+21356dec	nodejs-docs-18.19.1-1.module+el8.9.0+21387+21356dec.noarch.rpm
RedHat	any	s390x	nodejs-full-i18n	< 18.19.1-1.module+el8.9.0+21387+21356dec	nodejs-full-i18n-18.19.1-1.module+el8.9.0+21387+21356dec.s390x.rpm
RedHat	any	ppc64le	nodejs	< 18.19.1-1.module+el8.9.0+21387+21356dec	nodejs-18.19.1-1.module+el8.9.0+21387+21356dec.ppc64le.rpm
RedHat	any	noarch	nodejs-nodemon	< 3.0.1-1.module+el8.9.0+21190+5ebd2c33	nodejs-nodemon-3.0.1-1.module+el8.9.0+21190+5ebd2c33.noarch.rpm