security/vuxml: document nodejs vulnerabilities

Matthias Fechner 2024-03-01 16:06:22 +02:00
parent b512e969f7
commit 44e2fbfdc3


@ -1,3 +1,95 @@
<vuln vid="77a6f1c9-d7d2-11ee-bb12-001b217b3468">
<topic>NodeJS -- Vulnerabilities</topic>
<affects>
<package>
<name>node</name>
<range><ge>21.0.0</ge><lt>21.6.2</lt></range>
<range><ge>20.0.0</ge><lt>20.11.1</lt></range>
<range><ge>18.0.0</ge><lt>18.19.1</lt></range>
<range><ge>16.0.0</ge><lt>16.20.3</lt></range>
</package>
<package>
<name>node16</name>
<range><ge>16.0.0</ge><lt>16.20.3</lt></range>
</package>
<package>
<name>node18</name>
<range><ge>18.0.0</ge><lt>18.19.1</lt></range>
</package>
<package>
<name>node20</name>
<range><ge>20.0.0</ge><lt>20.11.1</lt></range>
</package>
<package>
<name>node21</name>
<range><ge>21.0.0</ge><lt>21.6.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Node.js reports:</p>
<blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito">
<p>Code injection and privilege escalation through Linux capabilities- (High)</p>
<p>http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)</p>
<p>Path traversal by monkey-patching Buffer internals- (High)</p>
<p>setuid() does not drop all privileges due to io_uring - (High)</p>
<p>Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)</p>
<p>Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)</p>
<p>Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)</p>
<p>Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-21892</cvename>
<cvename>CVE-2024-22019</cvename>
<cvename>CVE-2024-21896</cvename>
<cvename>CVE-2024-22017</cvename>
<cvename>CVE-2023-46809</cvename>
<cvename>CVE-2024-21891</cvename>
<cvename>CVE-2024-21890</cvename>
<cvename>CVE-2024-22025</cvename>
<url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito</url>
</references>
<dates>
<discovery>2024-02-14</discovery>
<entry>2024-03-01</entry>
</dates>
</vuln>
<vuln vid="46a9eb0f-d7d2-11ee-bb12-001b217b3468">
<topic>null -- null</topic>
<affects>
<package>
<name>null</name>
<range><lt>null</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>support@hackerone.com reports:</p>
<blockquote cite="https://hackerone.com/reports/2237545">
<p>On Linux, Node.js ignores certain environment variables if those
may have been set by an unprivileged user while the process is
running with elevated privileges with the only exception of
CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this
exception, Node.js incorrectly applies this exception even when
certain other capabilities have been set. This allows unprivileged
users to inject code that inherits the process&apos;s elevated
privileges.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-21892</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-21892</url>
</references>
<dates>
<discovery>2024-02-20</discovery>
<entry>2024-03-01</entry>
</dates>
</vuln>
<vuln vid="3567456a-6b17-41f7-ba7f-5cd3efb2b7c9">
<topic>electron{27,28} -- Use after free in Mojo</topic>
<affects>
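Review bot: The second added entry (vid 46a9eb0f-d7d2-11ee-bb12-001b217b3468) still carries unfilled template placeholders: `<topic>null -- null</topic>`, `<name>null</name>` and `<range><lt>null</lt></range>`. As written it matches a package literally named "null" rather than any node port, so it adds no coverage. Its only reference, CVE-2024-21892, is already listed in the first entry, so either drop this entry or fill in the topic, package names and version ranges. If it stays, reconcile its discovery date (2024-02-20) with the 2024-02-14 used in the first entry for the same CVE. In the first entry, the severity suffixes in the blockquote are inconsistent ("capabilities- (High)", "io_uring - (High)", and "(Medium)" with no dash on the wildcard item) and are worth normalising.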