nodejs Info

nodejs was added to epel7 repo on 2014-03-06
Page updated: 2024-04-20 21:14
Repo Status - Overall Status

Source NVR: nodejs-16.20.2-1.el7 (2022-05-15)

Binary Packages

nodejs nodejs-1:16.20.2-1.el7
nodejs-devel nodejs-devel-1:16.20.2-1.el7
nodejs-docs nodejs-docs-1:16.20.2-1.el7
nodejs-full-i18n nodejs-full-i18n-1:16.20.2-1.el7
nodejs-libs nodejs-libs-1:16.20.2-1.el7
npm npm-1:8.19.4-1.16.20.2.1.el7
v8-devel v8-devel-2:9.4.146.26-1.16.20.2.1.el7

Bugs

1516177 NEW CVE-2017-14919 nodejs: DoS via specific windowBits value [epel-all]
1591007 NEW CVE-2018-7167 nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters [epel-all]
1591015 NEW CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash [epel-all]
1591021 NEW CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash [epel-all]
1591024 NEW CVE-2018-7164 nodejs: uncontrolled memory consumption when using the net.Socket as a stream [epel-all]
1661000 NEW CVE-2018-12116 nodejs: HTTP request splitting [epel-all]
1661004 NEW CVE-2018-12121 nodejs: Denial of Service with large HTTP headers [epel-all]
1661007 NEW CVE-2018-12122 nodejs: Slowloris HTTP Denial of Service [epel-all]
1661012 NEW CVE-2018-12123 nodejs: Hostname spoofing in URL parser for javascript protocol [epel-all]
1690817 NEW CVE-2019-5739 nodejs: DoS with keep-alive HTTP connection [epel-7]
1788303 NEW CVE-2019-16777 nodejs: npm: Global node_modules Binary Overwrite [epel-all]
1788307 NEW CVE-2019-16775 nodejs: npm: Symlink reference outside of node_modules folder through the bin field upon installation [epel-all]
1788311 NEW CVE-2019-16776 nodejs: npm: Arbitrary file write via constructed entry in the package.json bin field [epel-all]
1845263 NEW CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions [epel-all]
1856876 NEW CVE-2020-15095 nodejs: npm: sensitive information exposure through logs [epel-all]
1879340 NEW CVE-2020-8201 nodejs: HTTP Request Smuggling due to CR-to-Hyphen conversion [epel-all]
1932025 NEW CVE-2021-22884 nodejs: DNS rebinding in --inspect [epel-all]
1993020 NEW CVE-2021-22931 nodejs: Improper handling of untypical characters in domain names [epel-7]
1993040 NEW CVE-2021-22939 nodejs: Incomplete validation of tls rejectUnauthorized parameter [epel-7]
2126994 NEW CVE-2021-43138 nodejs: async: Prototype Pollution in async [epel-7]
2127350 NEW CVE-2020-7677 nodejs: thenify: Arbitrary Code Execution in thenify [epel-7]
2140913 NEW CVE-2022-43548 nodejs: DNS rebinding in inspect via invalid octal IP address [epel-7]
2209504 NEW CVE-2023-32067 nodejs: c-ares: 0-byte UDP payload Denial of Service [epel-7]
2209539 NEW CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 nodejs: various flaws [epel-7]
2233375 NEW CVE-2023-32002 nodejs: Permissions policies can be bypassed via Module._load [epel-7]
2233388 NEW TRIAGE-CVE-2023-32006 nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() [epel-7]
2233397 NEW CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding [epel-7]
2244430 NEW TRIAGE-CVE-2023-39331 nodejs: permission model improperly protects against path traversal [epel-7]
2244441 NEW TRIAGE-CVE-2023-39331 nodejs: permission model improperly protects against path traversal [epel-7]
2244452 NEW TRIAGE-CVE-2023-39332 nodejs: path traversal through path stored in Uint8Array [epel-7]
2244472 NEW CVE-2023-38552 nodejs: integrity checks according to policies can be circumvented [epel-7]
2244476 NEW CVE-2023-39333 nodejs: code injection via WebAssembly export names [epel-7]
2244523 NEW Node.js 16.x < 16.20.2 Multiple Vulnerabilities
2258562 NEW CVE-2023-39331 nodejs: permission model improperly protects against path traversal [epel-7]
2258564 NEW CVE-2023-39332 nodejs: path traversal through path stored in Uint8Array [epel-7]

Install Failures