Описание
ELSA-2024-6148: nodejs:18 security update (MODERATE)
nodejs [1:18.20.4-1]
- Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863
nodejs-nodemon nodejs-packaging
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module nodejs:18 is enabled
nodejs
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-devel
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-docs
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-full-i18n
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-nodemon
3.0.1-1.module+el8.10.0+90402+68b79193
nodejs-packaging
2021.06-4.module+el8.9.0+90157+ed89dc20
nodejs-packaging-bundler
2021.06-4.module+el8.9.0+90157+ed89dc20
npm
10.7.0-1.18.20.4.1.module+el8.10.0+90402+68b79193
Oracle Linux x86_64
Module nodejs:18 is enabled
nodejs
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-devel
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-docs
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-full-i18n
18.20.4-1.module+el8.10.0+90402+68b79193
nodejs-nodemon
3.0.1-1.module+el8.10.0+90402+68b79193
nodejs-packaging
2021.06-4.module+el8.9.0+90157+ed89dc20
nodejs-packaging-bundler
2021.06-4.module+el8.9.0+90157+ed89dc20
npm
10.7.0-1.18.20.4.1.module+el8.10.0+90402+68b79193
Связанные CVE
Связанные уязвимости
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.