RHSA-2023:5361HighCVSS 8.8

Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

Published
September 26, 2023
Last Modified
June 26, 2026

🔗 CVE IDs covered (8)

📋 Description

CVE-2022-25883 — nodejs-semver: Regular expression denial of service CVE-2023-30581 — nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30588 — nodejs: process interuption due to invalid Public Key information in x509 certificates CVE-2023-30589 — nodejs: HTTP Request Smuggling via Empty headers separated by CR CVE-2023-30590 — nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-32002 — nodejs: Permissions policies can be bypassed via Module._load CVE-2023-32006 — nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() CVE-2023-32559 — nodejs: Permissions policies can be bypassed via process.binding

🔗 References (14)