Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-6147

Опубликовано: 04 сент. 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-6147: nodejs:18 security update (MODERATE)

nodejs [1:18.20.4-1]

  • Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863

nodejs-nodemon nodejs-packaging

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

Module nodejs:18 is enabled

nodejs

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-devel

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-docs

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-full-i18n

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-nodemon

3.0.1-1.module+el9.3.0+90167+01064547

nodejs-packaging

2021.06-4.module+el9.1.0+20762+f52d7401

nodejs-packaging-bundler

2021.06-4.module+el9.1.0+20762+f52d7401

npm

10.7.0-1.18.20.4.1.module+el9.4.0+90400+35c5e203

Oracle Linux x86_64

Module nodejs:18 is enabled

nodejs

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-devel

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-docs

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-full-i18n

18.20.4-1.module+el9.4.0+90400+35c5e203

nodejs-nodemon

3.0.1-1.module+el9.3.0+90167+01064547

nodejs-packaging

2021.06-4.module+el9.1.0+20762+f52d7401

nodejs-packaging-bundler

2021.06-4.module+el9.1.0+20762+f52d7401

npm

10.7.0-1.18.20.4.1.module+el9.4.0+90400+35c5e203

Связанные CVE

CVE-2024-22020
CVE-2024-28863

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2024-6148

oracle-oval
11 месяцев назад

ELSA-2024-6148: nodejs:18 security update (MODERATE)

oracle-oval логотип

ELSA-2024-5814

oracle-oval
12 месяцев назад

ELSA-2024-5814: nodejs:20 security update (MODERATE)

ubuntu логотип

CVE-2024-28863

CVSS3: 6.5
ubuntu
больше 1 года назад

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

redhat логотип

CVE-2024-28863

CVSS3: 6.5
redhat
больше 1 года назад

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

nvd логотип

CVE-2024-28863

CVSS3: 6.5
nvd
больше 1 года назад

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.