RLSA-2023:5869

Описание

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

• HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Rocky Enterprise Software Foundation Security Bulletin which addresses further details about this flaw is available in the References section.

• nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)

• nodejs: code injection via WebAssembly export names (CVE-2023-39333)

• node-undici: cookie leakage (CVE-2023-45143)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.