Home » Node.js: Security warning! Many IT vulnerabilities have been reported

Node.js: Security warning! Many IT vulnerabilities have been reported

by admin
Node.js: Security warning!  Many IT vulnerabilities have been reported

An IT safety alert replace for a identified vulnerability has been issued for Node.js. You can learn the outline of the safety holes together with the most recent updates and details about the affected working programs and merchandise right here.

Federal workplace for Security in Information Technology (BSI) revealed an replace on June 2, 2024 to a high-risk Node.js safety gap identified on April 3, 2024. The safety vulnerability impacts Linux, MacOS Source Node.js purposes.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Red Hat Security Advisory RHSA-2024:3544 (As of June 3, 2024). Some helpful hyperlinks are listed later on this article.

Multiple Node.js vulnerabilities – Risk: average

Risk stage: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc programs. The CVSS normal makes it potential to check potential or precise safety dangers based mostly on varied metrics in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporary scores additionally bear in mind adjustments over time within the threat state of affairs. The severity of the present vulnerability is classed as “average” in response to the CVSS with a base rating of seven.5.

Node.js Bug: Description of the assault

Node.js is a platform for creating community purposes.

A distant, unknown attacker might exploit a number of vulnerabilities in Node.js to bypass safety measures or trigger a denial of service.

Vulnerabilities are numbered for every product utilizing the CVE (Common Vulnerabilities and Exposures) reference system. CVE-2024-27982 and CVE-2024-27983.

Systems affected by the Node.js vulnerability at a look

Operating programs
Linux, MacOS X, UNIX, Windows

Products
IBM Business Automation Workflow 21.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 21.0.3 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 22.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 18.0.0.0 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 18.0.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 18.0.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 19.0.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 19.0.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 19.0.0.3 (cpe:/a:ibm:business_automation_workflow)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
IBM Business Automation Workflow 20.0.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 20.0.0.2 (cpe:/a:ibm:business_automation_workflow)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
HCL BigFix (cpe:/a:hcltech:bigfix)
IBM Business Automation Workflow 22.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 23.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 23.0.2 (cpe:/a:ibm:business_automation_workflow)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
IBM App Connect Enterprise (cpe:/a:ibm:app_connect_enterprise)
Open Source Node.js llhttp Open Source Node.js undici Open Source Node.js undici

See also  New data law is an acute threat to press freedom

Common steps to deal with IT safety gaps

  1. Users of affected programs ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This usually incorporates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly test the desired sources to see if a brand new safety replace is offered.

Manufacturer details about updates, patches and workarounds

Here you will discover some hyperlinks with details about bug experiences, safety fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3544 vom 2024-06-03 (02.06.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:3545 vom 2024-06-03 (02.06.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:3472 vom 2024-05-29 (30.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2910 vom 2024-05-23 (22.05.2024)
For extra info, see:

HCL Security Bulletin vom 2024-05-23 (22.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2910 vom 2024-05-20 (20.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2937 vom 2024-05-21 (20.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2853 vom 2024-05-17 (16.05.2024)
For extra info, see:

IBM Security Bulletin 7152858 vom 2024-05-16 (15.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2853 vom 2024-05-15 (15.05.2024)
For extra info, see:

See also  Express | The Central Bank released the Banker's Questionnaire Survey Report for the First Quarter of 2022: The Banking Sentiment Index was 72.1%_ Financial Network-CAIJING.COM.CN

Oracle Linux Security Advisory ELSA-2024-2779 vom 2024-05-15 (14.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2780 vom 2024-05-10 (12.05.2024)
For extra info, see:

IBM Security Bulletin 7150809 vom 2024-05-10 (09.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2778 vom 2024-05-09 (09.05.2024)
For extra info, see:

Rocky Linux Security Advisory RLSA-2024:2780 vom 2024-05-09 (09.05.2024)
For extra info, see:

Rocky Linux Security Advisory RLSA-2024:2779 vom 2024-05-09 (09.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2780 vom 2024-05-09 (09.05.2024)
For extra info, see:

Rocky Linux Security Advisory RLSA-2024:2778 vom 2024-05-09 (09.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2779 vom 2024-05-09 (09.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2778 vom 2024-05-09 (09.05.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1346-1 vom 2024-04-19 (21.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1355-1 vom 2024-04-19 (21.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1309-1 vom 2024-04-16 (16.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1305-1 vom 2024-04-16 (16.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1307-1 vom 2024-04-16 (16.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1306-1 vom 2024-04-16 (16.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1308-1 vom 2024-04-16 (16.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1301-1 vom 2024-04-16 (15.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-2FFE03EAA6 vom 2024-04-11 (11.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-F83B123D63 vom 2024-04-11 (11.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-8DEAADD998 vom 2024-04-11 (11.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-5DC487EE89 vom 2024-04-11 (11.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-2F15E6E876 vom 2024-04-11 (11.04.2024)
For extra info, see:

See also  IGEL OS: IT safety warning a couple of new bug

Fedora Security Advisory FEDORA-2024-E28CCC9C17 vom 2024-04-11 (11.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-EPEL-2024-CE142428AF vom 2024-04-12 (11.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-91BB4ED803 vom 2024-04-08 (08.04.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-25B66392E2 vom 2024-04-08 (08.04.2024)
For extra info, see:

Node.js Security Release April 2024 vom 2024-04-03 (03.04.2024)
For extra info, see:

Version historical past of this safety alert

This is model 15 of this Node.js IT Security Notice. This doc might be up to date as extra updates are introduced. You can examine adjustments or additions on this model historical past.

April 3, 2024 – First model
April 8, 2024 – Added new updates from Fedora
April 11, 2024 – Added new updates from Fedora
April 15, 2024 – New updates from SUSE added
April 16, 2024 – New updates from SUSE added
April 21, 2024 – New updates from SUSE added
May 9, 2024 – New updates from Oracle Linux, Red Hat, Rocky Enterprise Software Foundation, IBM and IBM-APAR added
May 12, 2024 – New Oracle Linux updates added
May 14, 2024 – New Oracle Linux updates added
May 15, 2024 – New updates from Red Hat have been added
May 16, 2024 – New Oracle Linux updates added
May 20, 2024 – New updates from Red Hat have been added
05/22/2024 – New updates from HCL added
May 30, 2024 – New updates from Red Hat have been added
06/02/2024 – New updates from Red Hat have been added

+++ Editorial observe: This doc relies on present BSI knowledge and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will discover scorching information, present movies and a direct line to the editorial staff.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy