RHSA-2023:5361HighCVSS 8.8
Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update
🔗 CVE IDs covered (8)
📋 Description
CVE-2022-25883 — nodejs-semver: Regular expression denial of service CVE-2023-30581 — nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30588 — nodejs: process interuption due to invalid Public Key information in x509 certificates CVE-2023-30589 — nodejs: HTTP Request Smuggling via Empty headers separated by CR CVE-2023-30590 — nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-32002 — nodejs: Permissions policies can be bypassed via Module._load CVE-2023-32006 — nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() CVE-2023-32559 — nodejs: Permissions policies can be bypassed via process.binding
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2023:5361
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2216475
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2219824
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2219838
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2219841
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2219842
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2223679
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230948
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230955
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230956
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2233892
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237395
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5361.json