FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-07-07 20:54:40 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 77a6f1c9-d7d2-11ee-bb12-001b217b3468
Description: NodeJS -- Vulnerabilities

Node.js reports:

Code injection and privilege escalation through Linux capabilities - (High)

http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)

Path traversal by monkey-patching Buffer internals - (High)

setuid() does not drop all privileges due to io_uring - (High)

Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)

Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)

Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium)

Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)


Discovery 2024-02-14
Entry 2024-03-01
Affected packages:

node: ge 21.0.0 lt 21.6.2
node: ge 20.0.0 lt 20.11.1
node: ge 18.0.0 lt 18.19.1
node: ge 16.0.0 lt 16.20.3
node16: ge 16.0.0 lt 16.20.3
node18: ge 18.0.0 lt 18.19.1
node20: ge 20.0.0 lt 20.11.1
node21: ge 21.0.0 lt 21.6.2

CVE-2024-21892
CVE-2024-22019
CVE-2024-21896
CVE-2024-22017
CVE-2023-46809
CVE-2024-21891
CVE-2024-21890
CVE-2024-22025
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito