FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 77a6f1c9-d7d2-11ee-bb12-001b217b3468
Description: NodeJS -- Vulnerabilities

Node.js reports:

Code injection and privilege escalation through Linux capabilities - (High)

http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)

Path traversal by monkey-patching Buffer internals - (High)

setuid() does not drop all privileges due to io_uring - (High)

Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)

Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)

Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium)

Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)


Discovery: 2024-02-14
Entry: 2024-03-01

Affected packages:

node: >= 21.0.0 < 21.6.2, >= 20.0.0 < 20.11.1, >= 18.0.0 < 18.19.1, >= 16.0.0 < 16.20.3
node16: >= 16.0.0 < 16.20.3
node18: >= 18.0.0 < 18.19.1
node20: >= 20.0.0 < 20.11.1
node21: >= 21.0.0 < 21.6.2

CVE-2024-21892
CVE-2024-22019
CVE-2024-21896
CVE-2024-22017
CVE-2023-46809
CVE-2024-21891
CVE-2024-21890
CVE-2024-22025
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito