(RHSA-2024:2651) Important: nodejs:16 security update

2024-05-0206:41:20

access.redhat.com

node.js

security update

dos attacks

http request

cvss score

cve-2024-22019

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanynoarchnodejs-docs< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-docs-16.20.2-4.module+el8.8.0+21546+ecd4bb56.noarch.rpm
RedHatanyppc64lenodejs-full-i18n< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-full-i18n-16.20.2-4.module+el8.8.0+21546+ecd4bb56.ppc64le.rpm
RedHatanyx86_64nodejs-full-i18n< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-full-i18n-16.20.2-4.module+el8.8.0+21546+ecd4bb56.x86_64.rpm
RedHatanys390xnpm< 8.19.4-1.16.20.2.4.module+el8.8.0+21546+ecd4bb56npm-8.19.4-1.16.20.2.4.module+el8.8.0+21546+ecd4bb56.s390x.rpm
RedHatanynoarchnodejs-packaging< 26-1.module+el8.8.0+19857+6d2a104dnodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm
RedHatanyx86_64nodejs-devel< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-devel-16.20.2-4.module+el8.8.0+21546+ecd4bb56.x86_64.rpm
RedHatanyaarch64nodejs-debuginfo< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-debuginfo-16.20.2-4.module+el8.8.0+21546+ecd4bb56.aarch64.rpm
RedHatanyaarch64nodejs-debugsource< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-debugsource-16.20.2-4.module+el8.8.0+21546+ecd4bb56.aarch64.rpm
RedHatanys390xnodejs-full-i18n< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-full-i18n-16.20.2-4.module+el8.8.0+21546+ecd4bb56.s390x.rpm
RedHatanyx86_64nodejs< 16.20.2-4.module+el8.8.0+21546+ecd4bb56nodejs-16.20.2-4.module+el8.8.0+21546+ecd4bb56.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	noarch	nodejs-docs	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-docs-16.20.2-4.module+el8.8.0+21546+ecd4bb56.noarch.rpm
RedHat	any	ppc64le	nodejs-full-i18n	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-full-i18n-16.20.2-4.module+el8.8.0+21546+ecd4bb56.ppc64le.rpm
RedHat	any	x86_64	nodejs-full-i18n	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-full-i18n-16.20.2-4.module+el8.8.0+21546+ecd4bb56.x86_64.rpm
RedHat	any	s390x	npm	< 8.19.4-1.16.20.2.4.module+el8.8.0+21546+ecd4bb56	npm-8.19.4-1.16.20.2.4.module+el8.8.0+21546+ecd4bb56.s390x.rpm
RedHat	any	noarch	nodejs-packaging	< 26-1.module+el8.8.0+19857+6d2a104d	nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm
RedHat	any	x86_64	nodejs-devel	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-devel-16.20.2-4.module+el8.8.0+21546+ecd4bb56.x86_64.rpm
RedHat	any	aarch64	nodejs-debuginfo	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-debuginfo-16.20.2-4.module+el8.8.0+21546+ecd4bb56.aarch64.rpm
RedHat	any	aarch64	nodejs-debugsource	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-debugsource-16.20.2-4.module+el8.8.0+21546+ecd4bb56.aarch64.rpm
RedHat	any	s390x	nodejs-full-i18n	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-full-i18n-16.20.2-4.module+el8.8.0+21546+ecd4bb56.s390x.rpm
RedHat	any	x86_64	nodejs	< 16.20.2-4.module+el8.8.0+21546+ecd4bb56	nodejs-16.20.2-4.module+el8.8.0+21546+ecd4bb56.x86_64.rpm